8 matches found
EUVD-2025-21770
Malicious code in bioql PyPI...
PT-2025-28219 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.3
Description: A critical issue was identified in WeGIA, a web manager for charitable institutions. The /html/funcionario/profile funcionario.php endpoint is vulnerable due to the id funcionario parameter not being...
PT-2025-26206 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.2
Description: The issue is related to an OS Command Injection flaw in the "/html/configuracao/debug info.php" endpoint. The branch parameter is not properly sanitized before being concatenated and executed in a...
CVE-2024-57034
WeGIA 3.2.0 is vulnerable to SQL Injection in querygeracaoauto.php via the query parameter...
CVE-2024-57032
WeGIA 3.2.0 is vulnerable to Incorrect Access Control in controle/control.php. The application does not validate the value of the old password, so it is possible to change the password by placing any value in the senhaantiga field...
PT-2025-4601 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.6
Description: WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the Cadastro Atendido.php...
CVE-2025-22132 WeGIA has a Cross-Site Scripting (XSS) in File Upload Field
WeGIA is a web manager for charitable institutions. A Cross-Site Scripting (XSS) vulnerability was identified in the file upload functionality of the WeGIA/html/socio/sistema/controller/controlaxlsx.php endpoint. By uploading a file containing malicious JavaScript code, an attacker can execute...
CVE-2024-53472
WeGIA v3.2.0 was discovered to contain a Cross-Site Request Forgery (CSRF)...