28 matches found
CVE-2026-31894
WeGIA is a web manager for charitable institutions. In 3.6.5, the patched loadBackupDB extracts tar.gz archives to a temporary directory using PHP's PharData class, then uses glob and file_get_contents to read SQL files from the extracted contents. Neither the extraction nor the file reading...
PT-2026-24796
WeGIA is a web manager for charitable institutions. In 3.6.5, the patched loadBackupDB extracts tar.gz archives to a temporary directory using PHP's PharData class, then uses glob and file_get_contents to read SQL files from the extracted contents. Neither the extraction nor the file reading...
CVE-2026-23724
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the html/atendido/cadastroocorrencia.php endpoint of the WeGIA application. The application does not sanitize user-controlled data before rendering it inside the...
EUVD-2024-51973
Malicious code in bioql PyPI...
EUVD-2024-53504
Malicious code in bioql PyPI...
EUVD-2024-53500
Malicious code in bioql PyPI...
WeGIA Security Vulnerability
WeGIA is a web manager for welfare organizations from the individual developer Nilson Lazarin. A security vulnerability exists in WeGIA version 3.4.12 and earlier, which stems from a deletion operation of an Almoxarifado entity that is exposed via HTTP GET and lacks cross-site request forgery...
CVE-2025-53931
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the adicionarraca.php endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to inject...
CVE-2025-53823 WeGIA vulnerable to SQL Injection (Blind Time-Based) in `processa_deletar_socio.php` parameter `id_socio`
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Versions prior to 3.4.5 have a SQL Injection vulnerability in the endpoint /WeGIA/html/socio/sistema/processa_deletar_socio.php, in the id_socio parameter. This vulnerability allows the execution...
PT-2025-29867 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.5. Description: An authentication bypass issue exists in the /dao/verificar_recursos_cargo.php API endpoint of the WeGIA application. This allows unauthenticated users to access protected functionalities and retriev...
PT-2025-26968 · Unknown · Labredescefetrj Wegia
Name of the Vulnerable Software and Affected Versions: LabRedesCefetRJ WeGIA version 3.4.0. Description: A vulnerability was found in the processing of the file /html/matPat/adicionar_categoria.php of the component Additional Categoria. The manipulation of the argument Insira a nova categoria lead...
CVE-2025-52474 WeGIA SQL Injection Vulnerability in id Parameter on control.php Endpoint
WeGIA is a web manager for charitable institutions. Prior to version 3.4.2, a SQL Injection vulnerability was identified in the id parameter of the /WeGIA/controle/control.php endpoint. This vulnerability allows an attacker to manipulate SQL queries and access sensitive database information, such as...
CVE-2024-53470
Multiple stored cross-site scripting (XSS) vulnerabilities in the component /configuracao/gatewaypagamento.php of WeGIA v3.2.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id or name parameter...
CVE-2024-53472
WeGIA v3.2.0 was discovered to contain a Cross-Site Request Forgery (CSRF)...
CVE-2025-30367
WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.6 in the nextPage parameter of the /WeGIA/controle/control.php endpoint. This vulnerability allows an attacker to manipulate SQL queries and access sensitive database information...
PT-2025-5599 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.12. Description: A SQL Injection issue was discovered in the WeGIA application, affecting the get_codigobarras_cobranca.php endpoint. This could allow an authorized attacker to execute arbitrary SQL queries, enablin...
CVE-2024-57033
WeGIA 3.2.0 is vulnerable to Cross-Site Scripting (XSS) via the dadosaddInfo parameter of documentosfuncionario.php...
CVE-2024-57035
WeGIA v3.2.0 is vulnerable to SQL Injection via the nextPage parameter in /controle/control.php. The CVE records a high-severity issue (CVSS 3.1: 9.8) with network attack vector and no privileges/user interaction required. Remediation details are not provided in the supplied documents.
CVE-2024-57034
WeGIA 3.2.0 is vulnerable to SQL Injection in querygeracaoauto.php via the query parameter...
WeGIA Cross-Site Scripting Vulnerability
WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. A cross-site scripting vulnerability exists in WeGIA version 2.3.7, which stems from a reflected cross-site scripting vulnerability contained in the msge parameter of the precadastrofuncionario.php page...