WeGIA <= 3.6.4 - Remote Code Execution

WeGIA = 3.6.5 contains a remote code execution caused by improper validation of backup file names in the database restoration functionality, letting attackers with administrative access execute arbitrary OS commands id: CVE-2026-28409 info: name: WeGIA = 3.6.4 - Remote Code Execution author:...

CVE-2026-42873

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, when attempting to upload a file with malicious content to funcionario/docdependenteupload.php, the application responds with an overly descriptive error message. This leads to information disclosure, effectively...

CVE-2026-45026

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, a Stored Cross-Site Scripting XSS vulnerability allows an authenticated user to inject malicious JavaScript into the Processo de Aceitação html/atendido/processoaceitacao.php page, which is executed when user access t...

CVE-2026-45027

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, when a user logs in, html/login.php hashes the submitted password using PHP's hash function with the SHA-256 algorithm and no salt before comparing it to the stored value. The password change flow in...

CVE-2026-42870

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a Stored Cross-Site Scripting XSS flaw was identified at the following endpoint: funcionario/profilefuncionario.php?idfuncionario=2. By injecting a malicious payload into the 'Description' Descrição field and saving t...

CVE-2026-42872

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a reflected Cross-Site Scripting XSS vulnerability exists in listaarquivosetapa.php due to improper handling of user-supplied input. The idprocesso parameter is directly embedded into the HTML without sanitization,...

CVE-2026-45335

WeGIA is a web manager for charitable institutions. Prior to 3.7.3, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=InternoControle...

CVE-2026-45335

WeGIA is a web manager for charitable institutions. Prior to 3.7.3, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=InternoControle...

CVE-2026-45027

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, when a user logs in, html/login.php hashes the submitted password using PHP's hash function with the SHA-256 algorithm and no salt before comparing it to the stored value. The password change flow in...

EUVD-2026-32566

WeGIA is a web manager for charitable institutions. Prior to 3.7.3, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=InternoControle...

CVE-2026-45335

WeGIA is vulnerable to an Open Redirect in the /WeGIA/controle/control.php endpoint prior to version 3.7.3. The vulnerability arises via the nextPage parameter when combined with metodo=listarTodos and nomeClasse=InternoControle, where the application fails to validate or restrict nextPage. This ...

CVE-2026-45335 WeGIA: Middleware whitelist bypass → open redirect via InternoControle.nextPage

WeGIA is a web manager for charitable institutions. Prior to 3.7.3, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=InternoControle...

CVE-2026-45335

WeGIA is a web manager for charitable institutions. Prior to 3.7.3, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=InternoControle...

CVE-2026-45335 WeGIA: Middleware whitelist bypass → open redirect via InternoControle.nextPage

WeGIA is a web manager for charitable institutions. Prior to 3.7.3, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=InternoControle...

CVE-2026-45027

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, login.php hashes the submitted password with PHP hash(…, 'SHA-256') and no salt, and the password-change flow uses the same pattern. SHA-256 is a fast general-purpose hash, not ideal for password storage, so identical...

CVE-2026-45027 WeGIA: Use of Weak Password Hashing Algorithm (SHA-256, no salt) in html/login.php

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, when a user logs in, html/login.php hashes the submitted password using PHP's hash function with the SHA-256 algorithm and no salt before comparing it to the stored value. The password change flow in...

CVE-2026-45027 WeGIA: Use of Weak Password Hashing Algorithm (SHA-256, no salt) in html/login.php

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, when a user logs in, html/login.php hashes the submitted password using PHP's hash function with the SHA-256 algorithm and no salt before comparing it to the stored value. The password change flow in...

CVE-2026-45027

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, when a user logs in, html/login.php hashes the submitted password using PHP's hash function with the SHA-256 algorithm and no salt before comparing it to the stored value. The password change flow in...

PT-2026-44043

WeGIA is a web manager for charitable institutions. Prior to 3.7.3, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=InternoControle...

PT-2026-44042

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, when a user logs in, html/login.php hashes the submitted password using PHP's hash function with the SHA-256 algorithm and no salt before comparing it to the stored value. The password change flow in...