8 matches found
CVE-2026-35395
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, WeGIA Web gerenciador para instituições assistenciais contains a SQL injection vulnerability in dao/memorando/DespachoDAO.php. The idmemorando parameter is extracted from $REQUEST without validation and directly interpolated into...
CVE-2026-23722
WeGIA is a Web Manager for Charitable Institutions. Prior to 3.6.2, a Reflected Cross-Site Scripting XSS vulnerability was discovered in the WeGIA system, specifically within the html/memorando/inseredespacho.php file. The application fails to properly sanitize or encode user-supplied input via t...
EUVD-2026-3114
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an authenticated SQL Injection vulnerability was identified in the AtendidoocorrenciaControle endpoint via the idmemorando parameter. This flaw allows for full database exfiltration, exposure of sensitive PII, and potential...
PT-2026-3307
Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.6.2 Description WeGIA is a web manager for charitable institutions. A SQL Injection issue exists that allows for full database exfiltration, exposure of sensitive PII, and potential arbitrary file reads in misconfigur...
CVE-2025-58454
WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in WeGIA versions 3.4.10 and prior inthe endpoint /WeGIA/html/memorando/listardespachos.php, in the idmemorando parameter. This vulnerability allow an authorized attacker to execute arbitrary SQL...
CVE-2025-58454
CVE-2025-58454 affects WeGIA Web Manager (charities). A SQL injection exists in the endpoint /WeGIA/html/memorando/listar_despachos.php, parameter id_memorando, for versions
CVE-2025-58454 WeGIA vulnerable to Blind Time-Based SQL Injection in endpoint 'listar_despachos.php' parameter 'id_memorando'
WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in WeGIA versions 3.4.10 and prior inthe endpoint /WeGIA/html/memorando/listardespachos.php, in the idmemorando parameter. This vulnerability allow an authorized attacker to execute arbitrary SQL...
PT-2025-36521
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.11 Description: WeGIA is a Web manager for charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability exists in the listar despachos.php endpoint. Attackers can inject malicious scripts through the...