Wegia

Wegia

178 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2026-35475

Exploit
  • EPSS 0.03%
  • Veröffentlicht 06.04.2026 21:17:04
  • Zuletzt bearbeitet 10.04.2026 20:18:42

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, the redirect parameter is taken directly from $_GET with no URL validation or whitelist check, then used verbatim in a header("Location: ...") call. This vulnerability is fixed in 3....

6.1

CVE-2026-35474

Exploit
  • EPSS 0.03%
  • Veröffentlicht 06.04.2026 21:13:25
  • Zuletzt bearbeitet 10.04.2026 20:24:16

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, open redirect has been found in WeGIA webapp. The redirect parameter is taken directly from $_GET with no URL validation or whitelist check, then used verbatim in a header("Location:...

6.1

CVE-2026-35473

Exploit
  • EPSS 0.03%
  • Veröffentlicht 06.04.2026 21:12:35
  • Zuletzt bearbeitet 10.04.2026 20:24:49

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with met...

6.1

CVE-2026-35399

Exploit
  • EPSS 0.04%
  • Veröffentlicht 06.04.2026 21:06:33
  • Zuletzt bearbeitet 09.04.2026 17:39:04

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, a stored XSS vulnerability allows an attacker to inject malicious scripts through a backup filename. This could lead to unauthorized execution of malicious code in the victim's brows...

6.1

CVE-2026-35472

Exploit
  • EPSS 0.03%
  • Veröffentlicht 06.04.2026 21:05:26
  • Zuletzt bearbeitet 09.04.2026 17:38:02

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with met...

6.1

CVE-2026-35398

Exploit
  • EPSS 0.03%
  • Veröffentlicht 06.04.2026 21:04:20
  • Zuletzt bearbeitet 09.04.2026 17:39:41

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with met...

6.1

CVE-2026-35396

Exploit
  • EPSS 0.03%
  • Veröffentlicht 06.04.2026 21:02:37
  • Zuletzt bearbeitet 09.04.2026 17:40:03

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with met...

8.8

CVE-2026-35395

Exploit
  • EPSS 0.03%
  • Veröffentlicht 06.04.2026 21:01:28
  • Zuletzt bearbeitet 09.04.2026 17:40:26

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, WeGIA (Web gerenciador para instituições assistenciais) contains a SQL injection vulnerability in dao/memorando/DespachoDAO.php. The id_memorando parameter is extracted from $_REQUES...

8.8

CVE-2026-33991

Exploit
  • EPSS 0.06%
  • Veröffentlicht 27.03.2026 22:10:51
  • Zuletzt bearbeitet 31.03.2026 20:57:55

WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file `html/socio/sistema/deletar_tag.php` uses `extract($_REQUEST)` on line 14 and directly concatenates the `$id_tag` variable into SQL queries on lines 16-17 without pr...

6.1

CVE-2026-33136

Exploit
  • EPSS 0.03%
  • Veröffentlicht 20.03.2026 10:41:05
  • Zuletzt bearbeitet 20.03.2026 19:23:40

WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability in the listar_memorandos_ativos.php endpoint. An attacker can inject arbitrary JavaScript or HTML tags into the scc...