
14 matches found

Cvelist
added 2026/04/06 9:1 p.m. | 12 views

CVE-2026-35395 WeGIA has a SQL Injection in DespachoDAO.php via id_memorando parameter

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, WeGIA Web gerenciador para instituições assistenciais contains a SQL injection vulnerability in dao/memorando/DespachoDAO.php. The id_memorando parameter is extracted from $_REQUEST without validation and directly interpolated into...

8.8 CVSS | 0.00012 EPSS
Exploits: 1 | References: 1

CNNVD
added 2026/04/06 12:0 a.m. | 3 views

WeGIA SQL injection vulnerability

WeGIA is a network manager for the welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.6.9 contained an SQL injection vulnerability. This vulnerability stemmed from the id_memorando parameter in the dao/memorando/DespachoDAO.php file being used in SQL queries without...

8.8 CVSS | 5.9 AI score | 0.00012 EPSS
Exploits: 1 | References: 2

RedhatCVE
added 2026/01/17 8:27 p.m. | 3 views

CVE-2026-23723

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an authenticated SQL Injection vulnerability was identified in the Atendido_ocorrenciaControle endpoint via the id_memorando parameter. This flaw allows for full database exfiltration, exposure of sensitive PII, and potential...

7.2 CVSS | 7.7 AI score | 0.00018 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/17 8:27 p.m. | 2 views

CVE-2026-23722

WeGIA is a Web Manager for Charitable Institutions. Prior to 3.6.2, a Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the WeGIA system, specifically within the html/memorando/inseredespacho.php file. The application fails to properly sanitize or encode user-supplied input via t...

9.1 CVSS | 5.8 AI score | 0.00193 EPSS
Exploits: 1 | References: 1

Cvelist
added 2026/01/16 7:27 p.m. | 27 views

CVE-2026-23723 WeGIA has a Critical SQL Injection in Atendido_ocorrenciaControle via id_memorando parameter

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an authenticated SQL Injection vulnerability was identified in the Atendido_ocorrenciaControle endpoint via the id_memorando parameter. This flaw allows for full database exfiltration, exposure of sensitive PII, and potential...

7.2 CVSS | 0.00018 EPSS
Exploits: 1 | References: 3

OSV
added 2026/01/16 7:27 p.m. | 2 views

CVE-2026-23723 WeGIA has a Critical SQL Injection in Atendido_ocorrenciaControle via id_memorando parameter

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an authenticated SQL Injection vulnerability was identified in the Atendido_ocorrenciaControle endpoint via the id_memorando parameter. This flaw allows for full database exfiltration, exposure of sensitive PII, and potential...

7.2 CVSS | 7.6 AI score | 0.00018 EPSS
Exploits: 1 | References: 5

ATTACKERKB
added 2026/01/16 7:27 p.m. | 1 view

CVE-2026-23723

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an authenticated SQL Injection vulnerability was identified in the Atendido_ocorrenciaControle endpoint via the id_memorando parameter. This flaw allows for full database exfiltration, exposure of sensitive PII, and potential...

7.2 CVSS | 5.9 AI score | 0.00018 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

CVE
added 2026/01/16 7:27 p.m. | 7 views

CVE-2026-23723

CVE-2026-23723 affects WeGIA, a web manager for charitable institutions. Before version 3.6.2, an authenticated SQL Injection was identified in the Atendido_ocorrenciaControle endpoint via the id_memorando parameter. The flaw enables full database exfiltration, exposure of sensitive PII, and pote...

7.2 CVSS | 7.2 AI score | 0.00018 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2025-27274

Malicious code in bioql PyPI...

6.1 CVSS | 6.5 AI score | 0.00053 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/09/10 11:17 p.m. | 4 views

CVE-2025-58452

WeGIA is a Web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the listar_despachos.php endpoint of the WeGIA application prior to version 3.4.11. This vulnerability allows attackers to inject malicious scripts in the id_memorando parameter...

6.1 CVSS | 5.8 AI score | 0.00053 EPSS
Exploits: 1 | References: 1

NVD
added 2025/09/08 11:15 p.m. | 3 views

CVE-2025-58452

WeGIA is a Web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the listar_despachos.php endpoint of the WeGIA application prior to version 3.4.11. This vulnerability allows attackers to inject malicious scripts in the id_memorando parameter...

6.1 CVSS | 0.00053 EPSS
Exploits: 1 | References: 1

Vulnrichment
added 2025/09/08 10:26 p.m. | 2 views

CVE-2025-58452 WeGIA vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint 'listar_despachos.php' parameter 'id_memorando'

WeGIA is a Web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the listar_despachos.php endpoint of the WeGIA application prior to version 3.4.11. This vulnerability allows attackers to inject malicious scripts in the id_memorando parameter...

5.3 CVSS | 5.3 AI score | 0.00053 EPSS
Exploits: 1 | References: 1

OSV
added 2025/09/08 10:26 p.m. | 2 views

CVE-2025-58452 WeGIA vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint 'listar_despachos.php' parameter 'id_memorando'

WeGIA is a Web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the listar_despachos.php endpoint of the WeGIA application prior to version 3.4.11. This vulnerability allows attackers to inject malicious scripts in the id_memorando parameter...

5.3 CVSS | 5.8 AI score | 0.00053 EPSS
Exploits: 1 | References: 3

CVE
added 2025/09/08 10:26 p.m. | 11 views

CVE-2025-58452

CVE-2025-58452 affects WeGIA Web Manager for charitable institutions, with a Reflected Cross-Site Scripting (XSS) vulnerability in the listar_despachos.php endpoint, exploitable via the id_memorando parameter prior to version 3.4.11. The cited updates indicate that version 3.4.11 contains a patch...

6.1 CVSS | 5.3 AI score | 0.00053 EPSS
Exploits: 1 | References: 1 | Affected Software: 1