9 matches found
EUVD-2025-20293
Malicious code in bioql PyPI...
CVE-2025-54062
Summary: CVE-2025-54062 affects WeGIA, an open source web manager. A SQL Injection flaw exists in versions prior to 3.4.6 in the /html/funcionario/profile_dependente.php endpoint, specifically in the id_dependente parameter. Root cause is lack of input validation for externally supplied SQL state...
CVE-2025-54062 WeGIA SQL Injection (Blind Time-Based) Vulnerability in id_dependente Parameter on profile_dependente.php Endpoint
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the /html/funcionario/profiledependente.php endpoint, specifically in the iddependente parameter. This vulnerability...
CVE-2025-53525
WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability was identified in the profilefamiliar.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the iddependente parameter. This vulnerability is...
CVE-2025-53525
The CVE-2025-53525 entry concerns WeGIA, a web manager for charitable organizations. A concrete vulnerability exists in the profile_familiar.php endpoint where the id_dependente parameter enables reflected Cross-Site Scripting (XSS). The root cause is insufficient filtering/escaping of user-suppl...
CVE-2025-53525 WebGia allows Cross-Site Scripting (XSS) in profile_familiar.php via the id_dependente parameter
WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability was identified in the profilefamiliar.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the iddependente parameter. This vulnerability is...
CVE-2025-22140
WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /html/funcionario/dependentelistarum.php endpoint, specifically in the iddependente parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the...
CVE-2025-22140 WeGIA SQL Injection (Blind Time-Based) endpoint 'dependente_listar_um.php' parameter 'id_dependente'
WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /html/funcionario/dependentelistarum.php endpoint, specifically in the iddependente parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the...
CVE-2025-22140 WeGIA SQL Injection (Blind Time-Based) endpoint 'dependente_listar_um.php' parameter 'id_dependente'
WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /html/funcionario/dependentelistarum.php endpoint, specifically in the iddependente parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the...