Wegia

Wegia

147 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2025-61606

Exploit
  • EPSS 0.04%
  • Veröffentlicht 02.10.2025 20:25:58
  • Zuletzt bearbeitet 07.10.2025 15:41:49

WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain an Open Redirect vulnerability, identified in the control.php endpoint, specifically in the nextPage parameter (metodo=listarUmnomeClasse=F...

9.8

CVE-2025-61605

Exploit
  • EPSS 0.04%
  • Veröffentlicht 02.10.2025 20:13:02
  • Zuletzt bearbeitet 07.10.2025 15:42:02

WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain an SQL Injection vulnerability which was identified in the /pet/profile_pet.php endpoint, specifically in the id_pet parameter. This vulner...

7.1

CVE-2025-61604

Exploit
  • EPSS 0.03%
  • Veröffentlicht 02.10.2025 20:09:23
  • Zuletzt bearbeitet 07.10.2025 15:42:57

WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain a Cross-Site Request Forgery (CSRF) vulnerability. The delete operation for the Almoxarifado entity is exposed via HTTP GET without CSRF pr...

9.8

CVE-2025-61603

Exploit
  • EPSS 0.04%
  • Veröffentlicht 02.10.2025 19:53:36
  • Zuletzt bearbeitet 07.10.2025 15:43:15

WeGIA is a Web manager for charitable institutions. Versions 3.4.12 and below include an SQL Injection vulnerability which was identified in the /controle/control.php endpoint, specifically in the descricao parameter. This vulnerability allows attack...

8.8

CVE-2025-59939

Exploit
  • EPSS 0.05%
  • Veröffentlicht 27.09.2025 01:15:43
  • Zuletzt bearbeitet 06.10.2025 15:05:36

WeGIA is a Web manager for charitable institutions. Prior to version 3.5.0, WeGIA is vulnerable to SQL Injection attacks in the control.php endpoint with the following parameters: nomeClasse=ProdutoControle&metodo=excluir&id_produto=[malicious comman...

8.8

CVE-2025-58745

Exploit
  • EPSS 0.23%
  • Veröffentlicht 08.09.2025 22:40:56
  • Zuletzt bearbeitet 17.09.2025 16:24:10

WeGIA is a Web manager for charitable institutions. The fix for CVE-2025-22133 was not enough to remediate the arbitrary file upload vulnerability. The WeGIA only check MIME types for Excel files at endpoint `/html/socio/sistema/controller/controla_x...

8.2

CVE-2025-58454

Exploit
  • EPSS 0.05%
  • Veröffentlicht 08.09.2025 22:35:04
  • Zuletzt bearbeitet 17.09.2025 16:29:29

WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in WeGIA versions 3.4.10 and prior inthe endpoint /WeGIA/html/memorando/listar_despachos.php, in the id_memorando parameter. This vulnerability allow an ...

8.2

CVE-2025-58453

Exploit
  • EPSS 0.05%
  • Veröffentlicht 08.09.2025 22:28:40
  • Zuletzt bearbeitet 17.09.2025 16:31:24

WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in WeGIA versions 3.4.10 and prior in the endpoint /WeGIA/html/memorando/exibe_anexo.php, in the id_anexo parameter. This vulnerability allow an authoriz...

6.1

CVE-2025-58452

Exploit
  • EPSS 0.05%
  • Veröffentlicht 08.09.2025 22:26:24
  • Zuletzt bearbeitet 17.09.2025 16:35:57

WeGIA is a Web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the listar_despachos.php endpoint of the WeGIA application prior to version 3.4.11. This vulnerability allows attackers to inje...

8.8

CVE-2025-58159

Exploit
  • EPSS 0.38%
  • Veröffentlicht 29.08.2025 22:15:12
  • Zuletzt bearbeitet 24.09.2025 18:36:12

WeGIA is a Web manager for charitable institutions. Prior to version 3.4.11, a remote code execution vulnerability was identified, caused by improper validation of uploaded files. The application allows an attacker to upload files with arbitrary file...