Lucene search
K

651 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/06 9:1 p.m.4 views

CVE-2026-35395

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, WeGIA Web gerenciador para instituições assistenciais contains a SQL injection vulnerability in dao/memorando/DespachoDAO.php. The idmemorando parameter is extracted from $REQUEST without validation and directly interpolated into...

8.8CVSS6.2AI score0.00392EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.6 views

PT-2026-30742

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, the redirect parameter is taken directly from $ GET with no URL validation or whitelist check, then used verbatim in a header"Location: ..." call. This vulnerability is fixed in 3.6.9...

5.1CVSS5.9AI score0.00186EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/03/28 11:9 p.m.5 views

CVE-2026-33991

WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file html/socio/sistema/deletartag.php uses extract$REQUEST on line 14 and directly concatenates the $idtag variable into SQL queries on lines 16-17 without prepared statements or sanitization. Version 3.6.7 patches t...

8.8CVSS5.9AI score0.00392EPSS
Exploits1References1
NVD
NVD
added 2026/03/27 11:17 p.m.6 views

CVE-2026-33991

WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file html/socio/sistema/deletartag.php uses extract$REQUEST on line 14 and directly concatenates the $idtag variable into SQL queries on lines 16-17 without prepared statements or sanitization. Version 3.6.7 patches t...

8.8CVSS0.00392EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/27 10:10 p.m.6 views

EUVD-2026-16884

WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file html/socio/sistema/deletartag.php uses extract$REQUEST on line 14 and directly concatenates the $idtag variable into SQL queries on lines 16-17 without prepared statements or sanitization. Version 3.6.7 patches t...

8.8CVSS5.9AI score0.00392EPSS
Exploits1References1
OSV
OSV
added 2026/03/27 10:10 p.m.4 views

CVE-2026-33991 WeGIA has SQL Injection in deletar_tag.php

WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file html/socio/sistema/deletartag.php uses extract$REQUEST on line 14 and directly concatenates the $idtag variable into SQL queries on lines 16-17 without prepared statements or sanitization. Version 3.6.7 patches t...

8.8CVSS5.9AI score0.00392EPSS
Exploits1References3
CVE
CVE
added 2026/03/27 10:10 p.m.15 views

CVE-2026-33991

CVE-2026-33991 affects WeGIA (web manager for charitable institutions). Before version 3.6.7, html/socio/sistema/deletar_tag.php uses extract($_REQUEST) and directly concatenates $id_tag into SQL queries (no prepared statements/sanitization), enabling SQL injection. This results in potential data...

8.8CVSS5.9AI score0.00392EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:0 p.m.10 views

CVE-2026-33135

WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting XSS vulnerability in the novomemorandoo.php endpoint. An attacker can inject arbitrary JavaScript into the sccs GET parameter, which is directly echoed into the HTML response without...

9.3CVSS6AI score0.00224EPSS
Exploits1References1
NVD
NVD
added 2026/03/20 11:18 a.m.7 views

CVE-2026-33136

WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting XSS vulnerability in the listarmemorandosativos.php endpoint. An attacker can inject arbitrary JavaScript or HTML tags into the sccd GET parameter, which is then directly echoed into...

9.3CVSS0.00214EPSS
Exploits1References2
NVD
NVD
added 2026/03/20 11:18 a.m.7 views

CVE-2026-33134

WeGIA is a web manager for charitable institutions. Versions 3.6.5 and below contain an authenticated SQL Injection vulnerability in the html/matPat/restaurarproduto.php endpoint. The vulnerability allows an authenticated attacker to inject arbitrary SQL commands via the idproduto GET parameter,...

9.3CVSS0.00304EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/20 10:41 a.m.7 views

EUVD-2026-13682

WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting XSS vulnerability in the listarmemorandosativos.php endpoint. An attacker can inject arbitrary JavaScript or HTML tags into the sccd GET parameter, which is then directly echoed into...

9.3CVSS6AI score0.00214EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/20 10:38 a.m.7 views

CVE-2026-33135

WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting XSS vulnerability in the novomemorandoo.php endpoint. An attacker can inject arbitrary JavaScript into the sccs GET parameter, which is directly echoed into the HTML response without...

9.3CVSS6AI score0.00224EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/20 10:35 a.m.9 views

CVE-2026-33134

WeGIA is a web manager for charitable institutions. Versions 3.6.5 and below contain an authenticated SQL Injection vulnerability in the html/matPat/restaurarproduto.php endpoint. The vulnerability allows an authenticated attacker to inject arbitrary SQL commands via the idproduto GET parameter,...

9.3CVSS6AI score0.00304EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/03/20 10:31 a.m.5 views

CVE-2026-33133 WeGIA has an arbitrary SQL execution vulnerability via crafted backup archive

WeGIA is a web manager for charitable institutions. In versions 3.6.5 and 3.6.6, the loadBackupDB function imports SQL files from uploaded backup archives without any content validation. An attacker can craft a backup archive containing arbitrary SQL statements that create rogue administrator...

8.6CVSS6.1AI score0.00401EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.5 views

PT-2026-26607

WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting XSS vulnerability in the listar memorandos ativos.php endpoint. An attacker can inject arbitrary JavaScript or HTML tags into the sccd GET parameter, which is then directly echoed in...

9.3CVSS6AI score0.00214EPSS
Exploits1References9
Cvelist
Cvelist
added 2026/03/11 7:8 p.m.27 views

CVE-2026-31895 WeGIA has a SQL Injection via Direct Query Interpolation in restaurar_produto.php

WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, WeGIA Web gerenciador para instituições assistenciais contains a SQL injection vulnerability in html/matPat/restaurarproduto.php. The idproduto parameter from $GET is directly interpolated into SQL queries without...

8.8CVSS0.00387EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/11 7:8 p.m.4 views

CVE-2026-31895

WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, WeGIA Web gerenciador para instituições assistenciais contains a SQL injection vulnerability in html/matPat/restaurarproduto.php. The idproduto parameter from $GET is directly interpolated into SQL queries without...

8.8CVSS5.8AI score0.00387EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/03/11 7:8 p.m.5 views

EUVD-2026-11311

WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, WeGIA Web gerenciador para instituições assistenciais contains a SQL injection vulnerability in html/matPat/restaurarproduto.php. The idproduto parameter from $GET is directly interpolated into SQL queries without...

8.8CVSS5.8AI score0.00387EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/11 7:5 p.m.4 views

CVE-2026-31894

WeGIA is a web manager for charitable institutions. In 3.6.5, The patched loadBackupDB extracts tar.gz archives to a temporary directory using PHP's PharData class, then uses glob and filegetcontents to read SQL files from the extracted contents. Neither the extraction nor the file reading...

6.9CVSS5.8AI score0.00414EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/01 1:43 a.m.5 views

CVE-2026-28408

WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, the script in adicionartipodocsatendido.php does not go through the project's central controller and does not have its own authentication and permission checks. A malicious user could make a request through tools like...

9.8CVSS6AI score0.00514EPSS
Exploits1References1
Rows per page
Query Builder