Wegia

Wegia

179 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.6

CVE-2026-40283

Exploit
  • EPSS 0.2%
  • Veröffentlicht 17.04.2026 20:03:14
  • Zuletzt bearbeitet 27.04.2026 15:17:29

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting (XSS) vulnerability allows an authenticated user to inject malicious JavaScript via the "Nome" field in the "Informações Pacientes" page. T...

6.1

CVE-2026-35475

Exploit
  • EPSS 0.19%
  • Veröffentlicht 06.04.2026 21:17:04
  • Zuletzt bearbeitet 10.04.2026 20:18:42

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, the redirect parameter is taken directly from $_GET with no URL validation or whitelist check, then used verbatim in a header("Location: ...") call. This vulnerability is fixed in 3....

6.1

CVE-2026-35474

Exploit
  • EPSS 0.18%
  • Veröffentlicht 06.04.2026 21:13:25
  • Zuletzt bearbeitet 10.04.2026 20:24:16

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, open redirect has been found in WeGIA webapp. The redirect parameter is taken directly from $_GET with no URL validation or whitelist check, then used verbatim in a header("Location:...

6.1

CVE-2026-35473

Exploit
  • EPSS 0.18%
  • Veröffentlicht 06.04.2026 21:12:35
  • Zuletzt bearbeitet 10.04.2026 20:24:49

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with met...

6.1

CVE-2026-35399

Exploit
  • EPSS 0.29%
  • Veröffentlicht 06.04.2026 21:06:33
  • Zuletzt bearbeitet 09.04.2026 17:39:04

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, a stored XSS vulnerability allows an attacker to inject malicious scripts through a backup filename. This could lead to unauthorized execution of malicious code in the victim's brows...

6.1

CVE-2026-35472

Exploit
  • EPSS 0.22%
  • Veröffentlicht 06.04.2026 21:05:26
  • Zuletzt bearbeitet 09.04.2026 17:38:02

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with met...

6.1

CVE-2026-35398

Exploit
  • EPSS 0.23%
  • Veröffentlicht 06.04.2026 21:04:20
  • Zuletzt bearbeitet 09.04.2026 17:39:41

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with met...

6.1

CVE-2026-35396

Exploit
  • EPSS 0.22%
  • Veröffentlicht 06.04.2026 21:02:37
  • Zuletzt bearbeitet 09.04.2026 17:40:03

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with met...

8.8

CVE-2026-35395

Exploit
  • EPSS 0.39%
  • Veröffentlicht 06.04.2026 21:01:28
  • Zuletzt bearbeitet 09.04.2026 17:40:26

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, WeGIA (Web gerenciador para instituições assistenciais) contains a SQL injection vulnerability in dao/memorando/DespachoDAO.php. The id_memorando parameter is extracted from $_REQUES...

8.8

CVE-2026-33991

Exploit
  • EPSS 0.39%
  • Veröffentlicht 27.03.2026 22:10:51
  • Zuletzt bearbeitet 31.03.2026 20:57:55

WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file `html/socio/sistema/deletar_tag.php` uses `extract($_REQUEST)` on line 14 and directly concatenates the `$id_tag` variable into SQL queries on lines 16-17 without pr...