Lucene search
K

4 matches found

EUVD
EUVD
added 2026/04/17 8:25 p.m.11 views

EUVD-2026-23529

WeGIA is a web manager for charitable institutions. Versions prior to 3.6.10 contain a SQL injection vulnerability in dao/memorando/UsuarioDAO.php. The cpfusuario POST parameter overwrites the session-stored user identity via extract$REQUEST in DespachoControle::verificarDespacho, and the...

8.8CVSS5.9AI score0.00266EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/17 8:25 p.m.9 views

CVE-2026-40285 WeGIA has SQL Injection via Session Variable Override in DespachoControle.php

WeGIA is a web manager for charitable institutions. Versions prior to 3.6.10 contain a SQL injection vulnerability in dao/memorando/UsuarioDAO.php. The cpfusuario POST parameter overwrites the session-stored user identity via extract$REQUEST in DespachoControle::verificarDespacho, and the...

8.8CVSS5.9AI score0.00266EPSS
Exploits0References1
OSV
OSV
added 2026/04/17 8:25 p.m.2 views

CVE-2026-40285 WeGIA has SQL Injection via Session Variable Override in DespachoControle.php

WeGIA is a web manager for charitable institutions. Versions prior to 3.6.10 contain a SQL injection vulnerability in dao/memorando/UsuarioDAO.php. The cpfusuario POST parameter overwrites the session-stored user identity via extract$REQUEST in DespachoControle::verificarDespacho, and the...

8.8CVSS6.1AI score0.00266EPSS
Exploits0References3
CVE
CVE
added 2026/04/17 8:25 p.m.10 views

CVE-2026-40285

WeGIA web manager versions before 3.6.10 are affected by a SQL injection in dao/memorando/UsuarioDAO.php. The flaw stems from the cpf_usuario POST parameter being used to overwrite the session-stored user identity via extract($_REQUEST) in DespachoControle::verificarDespacho(), with the attacker-...

8.8CVSS5.9AI score0.00266EPSS
Exploits0References1
Rows per page
Query Builder