10 matches found
EUVD-2025-20293
Malicious code in bioql PyPI...
The vulnerability in the WeGIA web manager’s /html/funcionario/profile_dependente.php script allows a perpetrator to disclose confidential information, increase their privileges, or execute arbitrary code.
The vulnerability in the WeGIA web manager’s /html/funcionario/profiledependente.php script relates to the failure to protect the SQL query structure when processing the iddependente parameter. Exploiting this vulnerability can allow an attacker to disclose confidential information, enhance their...
CVE-2025-54062 WeGIA SQL Injection (Blind Time-Based) Vulnerability in id_dependente Parameter on profile_dependente.php Endpoint
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the /html/funcionario/profiledependente.php endpoint, specifically in the iddependente parameter. This vulnerability...
CVE-2025-54062
Summary: CVE-2025-54062 affects WeGIA, an open source web manager. A SQL Injection flaw exists in versions prior to 3.4.6 in the /html/funcionario/profile_dependente.php endpoint, specifically in the id_dependente parameter. Root cause is lack of input validation for externally supplied SQL state...
CVE-2025-53525
WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability was identified in the profilefamiliar.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the iddependente parameter. This vulnerability is...
CVE-2025-53525 WebGia allows Cross-Site Scripting (XSS) in profile_familiar.php via the id_dependente parameter
WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability was identified in the profilefamiliar.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the iddependente parameter. This vulnerability is...
CVE-2025-53525
The CVE-2025-53525 entry concerns WeGIA, a web manager for charitable organizations. A concrete vulnerability exists in the profile_familiar.php endpoint where the id_dependente parameter enables reflected Cross-Site Scripting (XSS). The root cause is insufficient filtering/escaping of user-suppl...
CVE-2025-22140
WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /html/funcionario/dependentelistarum.php endpoint, specifically in the iddependente parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the...
CVE-2025-22140 WeGIA SQL Injection (Blind Time-Based) endpoint 'dependente_listar_um.php' parameter 'id_dependente'
WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /html/funcionario/dependentelistarum.php endpoint, specifically in the iddependente parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the...
CVE-2025-22140 WeGIA SQL Injection (Blind Time-Based) endpoint 'dependente_listar_um.php' parameter 'id_dependente'
WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /html/funcionario/dependentelistarum.php endpoint, specifically in the iddependente parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the...