81 matches found
CVE-2026-28411 WeGIA Vulnerable to Authentication Bypass via `extract($_REQUEST)`
WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, an unsafe use of the extract function on the $_REQUEST superglobal allows an unauthenticated attacker to overwrite local variables in multiple PHP scripts. This vulnerability can be leveraged to completely bypass...
EUVD-2026-9081
WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, an unsafe use of the extract function on the $_REQUEST superglobal allows an unauthenticated attacker to overwrite local variables in multiple PHP scripts. This vulnerability can be leveraged to completely bypass...
PT-2026-22413
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.6.5. Description: WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, an unsafe use of the extract function on the $_REQUEST superglobal allows an unauthenticated attacker to overwrite local...
EUVD-2008-6469
Malware in sbrugna...
EUVD-2012-2944
Malware in sbrugna...
EUVD-2009-4113
Malware in sbrugna...
EUVD-2007-4468
Malware in sbrugna...
EUVD-2007-4325
Malware in sbrugna...
EUVD-2011-0764
Malware in sbrugna...
EUVD-2007-1392
Malware in sbrugna...
EUVD-2022-5750
Malicious code in bioql PyPI...
CVE-2012-2966
Caucho Quercus, as distributed in Resin before 4.0.29, overwrites entries in the SERVER superglobal array on the basis of POST parameters, which has unspecified impact and remote attack vectors...
VulnCheck KEV: CVE-2017-17731
DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php...
SUSE CVE-2009-4143
PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive...
Caucho Quercus, as distributed in Resin, overwrites entries in SERVER superglobal array on basis of POST parameters
Caucho Quercus, as distributed in Resin before 4.0.29, overwrites entries in the SERVER superglobal array on the basis of POST parameters, which has unspecified impact and remote attack vectors...
GHSA-X962-W72P-MV7Q phpMyAdmin Global variables scope injection vulnerability
import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict the ability of input data to specify a file format, which allows remote authenticated users to modify the GLOBALS superglobal array, and consequently change the configuration, via a crafted request...
phpMyAdmin vulnerable to static code injection
setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal...
GHSA-VQCM-R62W-W437 phpMyAdmin remote variable manipulation
libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted...
CVE-2017-17731
DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php...