3 matches found
CVE-2026-35474
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an open redirect exists in the WeGIA webapp. The redirect parameter is taken directly from $_GET with no URL validation or whitelist check, then used verbatim in a header("Location: ...") call. This vulnerability is fixed in 3.6.9...
PT-2025-34249 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.7. Description: WeGIA is a Web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability exists in the dependente docdependente.php endpoint of the WeGIA application. This vulnerability...
CVE-2025-26611 SQL Injection endpoint 'remover_produto.php' parameter 'id_produto' in WeGIA
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the remover_produto.php endpoint of the WeGIA application. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthorized...