2 matches found
CVE-2025-22133
WeGIA is a web manager for charitable institutions. Prior to 3.2.8, a critical vulnerability was identified in the /WeGIA/html/socio/sistema/controller/controlaxlsx.php endpoint. The endpoint accepts file uploads without proper validation, allowing the upload of malicious files, such as .phar,...
CVE-2025-30366
WeGIA is a web manager for charitable institutions. CVE-2025-30366 describes a stored XSS vulnerability in WeGIA versions prior to 3.2.8 , affecting the file path or function related to personalizacao.php . The underlying issue is a stored script that is delivered to users’ browsers when pages ar...