17 matches found
CVE-2025-62177 WeGIA vulnerable to SQL Injection via 'id_funcionario' param at endpoint `/html/funcionario/dependente_listar.php`
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/dependente_listar.php endpoint, specifically in the id_funcionario parameter. This vulnerability allows attackers to...
EUVD-2025-20267
Malicious code in bioql PyPI...
EUVD-2025-25464
Malicious code in bioql PyPI...
WeGIA SQL Injection Vulnerability (CNVD-2025-17269)
WeGIA is a web manager for welfare organizations. WeGIA suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the /html/saude/profilepaciente.php endpoint id_funcionario parameter. An attacker could exploit this vulnerability...
WeGIA Security Vulnerability
WeGIA is a web manager for welfare organizations. WeGIA suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the /html/saude/profilepaciente.php endpoint id_funcionario parameter. An attacker could exploit this vulnerability...
WeGIA SQL Injection Vulnerability (CNVD-2025-17291)
WeGIA is a web manager for welfare organizations. WeGIA suffers from a SQL injection vulnerability that stems from a lack of validation of the id_funcionario parameter against externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal SQL commands to steal...
CVE-2025-53377
WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the cadastro_dependente_pessoa_nova.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the id_funcionario parameter. This...
CVE-2025-53529 WeGIA allows SQL Injection in html/funcionario/profile_funcionario.php (id_funcionario parameter)
WeGIA is a web manager for charitable institutions. An SQL Injection vulnerability was identified in the /html/funcionario/profile_funcionario.php endpoint. The id_funcionario parameter is not properly sanitized or validated before being used in a SQL query, allowing an unauthenticated attacker to...
CVE-2025-53529 WeGIA allows SQL Injection in html/funcionario/profile_funcionario.php (id_funcionario parameter)
WeGIA is a web manager for charitable institutions. An SQL Injection vulnerability was identified in the /html/funcionario/profile_funcionario.php endpoint. The id_funcionario parameter is not properly sanitized or validated before being used in a SQL query, allowing an unauthenticated attacker to...
CVE-2025-53377
WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the cadastro_dependente_pessoa_nova.php endpoint, where attacker-supplied data in the id_funcionario parameter can inject scripts. The issue is caused by insufficient input h...
CVE-2025-53377 WebGia allows Cross-Site Scripting (XSS) in cadastro_dependente_pessoa_nova.php via the id_funcionario parameter
WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the cadastro_dependente_pessoa_nova.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the id_funcionario parameter. This...
CVE-2025-53377 WebGia allows Cross-Site Scripting (XSS) in cadastro_dependente_pessoa_nova.php via the id_funcionario parameter
WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the cadastro_dependente_pessoa_nova.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the id_funcionario parameter. This...
CVE-2024-57031
WeGIA 3.2.0 is vulnerable to SQL Injection in /funcionario/remuneracao.php via the id_funcionario parameter...
CVE-2025-30364 WeGIA vulnerable to SQL Injection (Blind Time-Based) in remuneracao.php parameter id_funcionario
WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.8 in the endpoint /WeGIA/html/funcionario/remuneracao.php, in the id_funcionario parameter. This vulnerability allows the execution of arbitrary SQL commands, which can...
CVE-2024-57031
WeGIA 3.2.0 is vulnerable to SQL Injection in /funcionario/remuneracao.php via the id_funcionario parameter...
CVE-2024-57031
CVE-2024-57031 affects WeGIA prior to 3.2.0, where an SQL injection is possible in /funcionario/remuneracao.php via the id_funcionario parameter. The CVE entry documents a high-severity impact (CONF/I/A HIGH) with network attack vector and no privileges required, per NVD/CNA metrics. Connected so...
CVE-2024-57031
WeGIA 3.2.0 is vulnerable to SQL Injection in /funcionario/remuneracao.php via the id_funcionario parameter...