13 matches found
CVE-2026-35395
CVE-2026-35395 affects WeGIA, a web manager for charitable institutions. Before version 3.6.9, the vulnerability exists in dao/memorando/DespachoDAO.php where the parameter id_memorando is read from $_REQUEST without validation and directly interpolated into SQL queries. This leads to a SQL injec...
EUVD-2026-19495
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, WeGIA Web gerenciador para instituições assistenciais contains a SQL injection vulnerability in dao/memorando/DespachoDAO.php. The idmemorando parameter is extracted from $REQUEST without validation and directly interpolated into...
CVE-2026-23722
WeGIA is a Web Manager for Charitable Institutions. Prior to 3.6.2, a Reflected Cross-Site Scripting XSS vulnerability was discovered in the WeGIA system, specifically within the html/memorando/inseredespacho.php file. The application fails to properly sanitize or encode user-supplied input via t...
EUVD-2026-3115
WeGIA is a Web Manager for Charitable Institutions. Prior to 3.6.2, a Reflected Cross-Site Scripting XSS vulnerability was discovered in the WeGIA system, specifically within the html/memorando/inseredespacho.php file. The application fails to properly sanitize or encode user-supplied input via t...
CVE-2026-23722
WeGIA (Web Manager for Charitable Institutions) before version 3.6.2 contains a Reflected Cross-Site Scripting (XSS) flaw in html/memorando/insere_despacho.php where the id_memorando GET parameter is echoed into HTML without proper sanitization/encoding. This allows unauthenticated attackers to i...
EUVD-2026-3114
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an authenticated SQL Injection vulnerability was identified in the AtendidoocorrenciaControle endpoint via the idmemorando parameter. This flaw allows for full database exfiltration, exposure of sensitive PII, and potential...
WeGIA Cross-Site Script Vulnerabilities
WeGIA is a network manager for welfare institutions developed by Nilson Lazarin as an individual project. Versions of WeGIA prior to 3.6.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper cleaning of the idmemorando parameter in the...
CVE-2025-58454
WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in WeGIA versions 3.4.10 and prior inthe endpoint /WeGIA/html/memorando/listardespachos.php, in the idmemorando parameter. This vulnerability allow an authorized attacker to execute arbitrary SQL...
CVE-2025-58454
WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in WeGIA versions 3.4.10 and prior inthe endpoint /WeGIA/html/memorando/listardespachos.php, in the idmemorando parameter. This vulnerability allow an authorized attacker to execute arbitrary SQL...
CVE-2025-58454 WeGIA vulnerable to Blind Time-Based SQL Injection in endpoint 'listar_despachos.php' parameter 'id_memorando'
WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in WeGIA versions 3.4.10 and prior inthe endpoint /WeGIA/html/memorando/listardespachos.php, in the idmemorando parameter. This vulnerability allow an authorized attacker to execute arbitrary SQL...
CVE-2025-58454 WeGIA vulnerable to Blind Time-Based SQL Injection in endpoint 'listar_despachos.php' parameter 'id_memorando'
WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in WeGIA versions 3.4.10 and prior inthe endpoint /WeGIA/html/memorando/listardespachos.php, in the idmemorando parameter. This vulnerability allow an authorized attacker to execute arbitrary SQL...
CVE-2025-58454 WeGIA vulnerable to Blind Time-Based SQL Injection in endpoint 'listar_despachos.php' parameter 'id_memorando'
WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in WeGIA versions 3.4.10 and prior inthe endpoint /WeGIA/html/memorando/listardespachos.php, in the idmemorando parameter. This vulnerability allow an authorized attacker to execute arbitrary SQL...
CVE-2025-58452 WeGIA vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint 'listar_despachos.php' parameter 'id_memorando'
WeGIA is a Web manager for charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability was identified in the listardespachos.php endpoint of the WeGIA application prior to version 3.4.11. This vulnerability allows attackers to inject malicious scripts in the idmemorando parameter...