Wegia

Wegia

162 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2025-22599

Exploit
  • EPSS 0.72%
  • Veröffentlicht 10.01.2025 16:15:30
  • Zuletzt bearbeitet 09.04.2025 18:27:07

WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the home.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msg_c pa...

6.5

CVE-2025-22600

Exploit
  • EPSS 0.72%
  • Veröffentlicht 10.01.2025 16:15:30
  • Zuletzt bearbeitet 09.04.2025 18:26:47

WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the configuracao_doacao.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts ...

6.1

CVE-2025-22143

Exploit
  • EPSS 0.77%
  • Veröffentlicht 08.01.2025 20:15:30
  • Zuletzt bearbeitet 13.02.2025 18:57:56

WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the listar_permissoes.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in...

8.8

CVE-2025-22141

Exploit
  • EPSS 0.36%
  • Veröffentlicht 08.01.2025 19:15:39
  • Zuletzt bearbeitet 09.04.2025 18:28:02

WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /dao/verificar_recursos_cargo.php endpoint, specifically in the cargo parameter. This vulnerability allows attackers to execute arbitrary SQL comm...

6.1

CVE-2025-22139

Exploit
  • EPSS 0.57%
  • Veröffentlicht 08.01.2025 19:15:38
  • Zuletzt bearbeitet 09.04.2025 18:28:51

WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the configuracao_geral.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts i...

8.8

CVE-2025-22140

Exploit
  • EPSS 0.36%
  • Veröffentlicht 08.01.2025 19:15:38
  • Zuletzt bearbeitet 09.04.2025 18:28:25

WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /html/funcionario/dependente_listar_um.php endpoint, specifically in the id_dependente parameter. This vulnerability allows attackers to execute a...

4.8

CVE-2025-22132

Exploit
  • EPSS 0.19%
  • Veröffentlicht 07.01.2025 22:15:31
  • Zuletzt bearbeitet 13.02.2025 18:55:14

WeGIA is a web manager for charitable institutions. A Cross-Site Scripting (XSS) vulnerability was identified in the file upload functionality of the WeGIA/html/socio/sistema/controller/controla_xlsx.php endpoint. By uploading a file containing malic...

9.9

CVE-2025-22133

Exploit
  • EPSS 0.42%
  • Veröffentlicht 07.01.2025 22:15:31
  • Zuletzt bearbeitet 09.04.2025 18:29:07

WeGIA is a web manager for charitable institutions. Prior to 3.2.8, a critical vulnerability was identified in the /WeGIA/html/socio/sistema/controller/controla_xlsx.php endpoint. The endpoint accepts file uploads without proper validation, allowing ...

7.5

CVE-2024-53473

Exploit
  • EPSS 1.12%
  • Veröffentlicht 07.12.2024 23:15:34
  • Zuletzt bearbeitet 09.04.2025 18:29:29

WeGIA 3.2.0 before 3998672 does not verify permission to change a password.

6.1

CVE-2024-53470

Exploit
  • EPSS 0.17%
  • Veröffentlicht 05.12.2024 16:15:25
  • Zuletzt bearbeitet 09.04.2025 18:30:08

Multiple stored cross-site scripting (XSS) vulnerabilities in the component /configuracao/gateway_pagamento.php of WeGIA v3.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id or name parameter.