28 matches found
CVE-2026-35395
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, WeGIA Web gerenciador para instituições assistenciais contains a SQL injection vulnerability in dao/memorando/DespachoDAO.php. The idmemorando parameter is extracted from $REQUEST without validation and directly interpolated into...
CVE-2026-35395
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, WeGIA Web gerenciador para instituições assistenciais contains a SQL injection vulnerability in dao/memorando/DespachoDAO.php. The idmemorando parameter is extracted from $REQUEST without validation and directly interpolated into...
CVE-2026-35395
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, WeGIA Web gerenciador para instituições assistenciais contains a SQL injection vulnerability in dao/memorando/DespachoDAO.php. The idmemorando parameter is extracted from $REQUEST without validation and directly interpolated into...
CVE-2026-35395 WeGIA has a SQL Injection in DespachoDAO.php via id_memorando parameter
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, WeGIA Web gerenciador para instituições assistenciais contains a SQL injection vulnerability in dao/memorando/DespachoDAO.php. The idmemorando parameter is extracted from $REQUEST without validation and directly interpolated into...
CVE-2026-35395
CVE-2026-35395 affects WeGIA, a web manager for charitable institutions. Before version 3.6.9, the vulnerability exists in dao/memorando/DespachoDAO.php where the parameter id_memorando is read from $_REQUEST without validation and directly interpolated into SQL queries. This leads to a SQL injec...
EUVD-2026-19495
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, WeGIA Web gerenciador para instituições assistenciais contains a SQL injection vulnerability in dao/memorando/DespachoDAO.php. The idmemorando parameter is extracted from $REQUEST without validation and directly interpolated into...
PT-2026-30733
Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.6.9 Description WeGIA, a Web manager for charitable institutions, contains a SQL injection issue in the 'dao/memorando/DespachoDAO.php' file. The id memorando parameter, obtained from the $ REQUEST variable, is used i...
CVE-2026-23722
WeGIA is a Web Manager for Charitable Institutions. Prior to 3.6.2, a Reflected Cross-Site Scripting XSS vulnerability was discovered in the WeGIA system, specifically within the html/memorando/inseredespacho.php file. The application fails to properly sanitize or encode user-supplied input via t...
CVE-2026-23722
WeGIA is a Web Manager for Charitable Institutions. Prior to 3.6.2, a Reflected Cross-Site Scripting XSS vulnerability was discovered in the WeGIA system, specifically within the html/memorando/inseredespacho.php file. The application fails to properly sanitize or encode user-supplied input via t...
EUVD-2026-3115
WeGIA is a Web Manager for Charitable Institutions. Prior to 3.6.2, a Reflected Cross-Site Scripting XSS vulnerability was discovered in the WeGIA system, specifically within the html/memorando/inseredespacho.php file. The application fails to properly sanitize or encode user-supplied input via t...
CVE-2026-23722
WeGIA (Web Manager for Charitable Institutions) before version 3.6.2 contains a Reflected Cross-Site Scripting (XSS) flaw in html/memorando/insere_despacho.php where the id_memorando GET parameter is echoed into HTML without proper sanitization/encoding. This allows unauthenticated attackers to i...
CVE-2026-23722
WeGIA is a Web Manager for Charitable Institutions. Prior to 3.6.2, a Reflected Cross-Site Scripting XSS vulnerability was discovered in the WeGIA system, specifically within the html/memorando/inseredespacho.php file. The application fails to properly sanitize or encode user-supplied input via t...
CVE-2026-23722 WeGIA has a Reflected Cross-Site Scripting (XSS) vulnerability allowing arbitrary code execution and UI redressing.
WeGIA is a Web Manager for Charitable Institutions. Prior to 3.6.2, a Reflected Cross-Site Scripting XSS vulnerability was discovered in the WeGIA system, specifically within the html/memorando/inseredespacho.php file. The application fails to properly sanitize or encode user-supplied input via t...
EUVD-2026-3114
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an authenticated SQL Injection vulnerability was identified in the AtendidoocorrenciaControle endpoint via the idmemorando parameter. This flaw allows for full database exfiltration, exposure of sensitive PII, and potential...
WeGIA Cross-Site Script Vulnerabilities
WeGIA is a network manager for welfare institutions developed by Nilson Lazarin as an individual project. Versions of WeGIA prior to 3.6.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper cleaning of the idmemorando parameter in the...
PT-2026-3306
Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.6.2 Description WeGIA is a Web Manager for Charitable Institutions. A Reflected Cross-Site Scripting XSS issue exists in the system, specifically within the html/memorando/insere despacho.php file. The application doe...
PT-2026-3307
Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.6.2 Description WeGIA is a web manager for charitable institutions. A SQL Injection issue exists that allows for full database exfiltration, exposure of sensitive PII, and potential arbitrary file reads in misconfigur...
CVE-2025-58454
WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in WeGIA versions 3.4.10 and prior inthe endpoint /WeGIA/html/memorando/listardespachos.php, in the idmemorando parameter. This vulnerability allow an authorized attacker to execute arbitrary SQL...
CVE-2025-58453
WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in WeGIA versions 3.4.10 and prior in the endpoint /WeGIA/html/memorando/exibeanexo.php, in the idanexo parameter. This vulnerability allow an authorized attacker to execute arbitrary SQL queries,...
CVE-2025-58454
WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in WeGIA versions 3.4.10 and prior inthe endpoint /WeGIA/html/memorando/listardespachos.php, in the idmemorando parameter. This vulnerability allow an authorized attacker to execute arbitrary SQL...