Filtered by vendor Wegia
Subscriptions
Total
119 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-55170 | 1 Wegia | 1 Wegia | 2025-08-14 | 6.5 Medium |
| WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a reflected cross-site scripting (XSS) vulnerability was identified in the /html/alterar_senha.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the verificacao and redir_config parameter. This issue has been patched in version 3.4.8. | ||||
| CVE-2025-55171 | 1 Wegia | 1 Wegia | 2025-08-14 | 7.5 High |
| WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, the application does not check authentication at endpoint /html/personalizacao_remover.php allowing anonymous attacker (without login) to delete any Image files at endpoint /html/personalizacao_remover.php by defining imagem_0 as image id to delete. This issue has been patched in version 3.4.8. | ||||
| CVE-2025-55169 | 1 Wegia | 1 Wegia | 2025-08-14 | 6.5 Medium |
| WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a path traversal vulnerability was discovered in the WeGIA application, html/socio/sistema/download_remessa.php endpoint. This vulnerability could allow an attacker to gain unauthorized access to local files in the server and sensitive information stored in config.php. config.php contains information that could allow direct access to the database. This issue has been patched in version 3.4.8. | ||||
| CVE-2025-55168 | 1 Wegia | 1 Wegia | 2025-08-14 | 9.8 Critical |
| WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a SQL Injection vulnerability was identified in the /html/saude/aplicar_medicamento.php endpoint, specifically in the id_fichamedica parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This issue has been patched in version 3.4.8. | ||||
| CVE-2025-55167 | 1 Wegia | 1 Wegia | 2025-08-13 | N/A |
| WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a SQL Injection vulnerability was identified in the /html/funcionario/dependente_remover.php endpoint, specifically in the id_dependente parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This issue has been patched in version 3.4.8. | ||||
| CVE-2025-54079 | 1 Wegia | 1 Wegia | 2025-07-30 | 8.8 High |
| WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the endpoint `/html/atendido/Profile_Atendido.php`, in the `idatendido` parameter. This vulnerability allow an authorized attacker to execute arbitrary SQL queries, allowing access to sensitive information. Version 3.4.6 fixes the issue. | ||||
| CVE-2025-54078 | 1 Wegia | 1 Wegia | 2025-07-30 | 6.5 Medium |
| WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.4.6 in the `personalizacao_imagem.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the `err` parameter. Version 3.4.6 fixes the issue. | ||||
| CVE-2025-54077 | 1 Wegia | 1 Wegia | 2025-07-30 | 6.5 Medium |
| WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.4.6 in the `personalizacao.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the `err` parameter. Version 3.4.6 fixes the issue. | ||||
| CVE-2025-54076 | 1 Wegia | 1 Wegia | 2025-07-30 | 6.5 Medium |
| WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.4.6 in the `pre_cadastro_atendido.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the `msg_e` parameter. Version 3.4.6 fixes the issue. | ||||
| CVE-2025-54062 | 1 Wegia | 1 Wegia | 2025-07-30 | 8.8 High |
| WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the `/html/funcionario/profile_dependente.php` endpoint, specifically in the `id_dependente` parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. Version 3.4.6 fixes the issue. | ||||
| CVE-2025-54061 | 1 Wegia | 1 Wegia | 2025-07-30 | 8.8 High |
| WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the `idatendido_familiares` parameter of the `/html/funcionario/dependente_editarDoc.php` endpoint. This vulnerability allows attacker to manipulate SQL queries and access sensitive database information, such as table names and sensitive data. Version 3.4.6 fixes the issue. | ||||
| CVE-2025-54060 | 1 Wegia | 1 Wegia | 2025-07-30 | 8.8 High |
| WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the `idatendido_familiares` parameter of the `/html/funcionario/dependente_editarInfoPessoal.php` endpoint. This vulnerability allows attacker to manipulate SQL queries and access sensitive database information, such as table names and sensitive data. Version 3.4.6 fixes the issue. | ||||
| CVE-2025-54058 | 1 Wegia | 1 Wegia | 2025-07-30 | 8.8 High |
| WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the `idatendido_familiares` parameter of the `/html/funcionario/dependente_editarEndereco.php` endpoint. This vulnerability allows attacker to manipulate SQL queries and access sensitive database information, such as table names and sensitive data. Version 3.4.6 fixes the issue. | ||||
| CVE-2025-53946 | 1 Wegia | 1 Wegia | 2025-07-30 | 8.8 High |
| WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.5 in the `id_funcionario` parameter of the `/html/saude/profile_paciente.php` endpoint. This vulnerability allows attacker to manipulate SQL queries and access sensitive database information, such as table names and sensitive data. Version 3.4.5 fixes the issue. | ||||
| CVE-2025-53930 | 1 Wegia | 1 Wegia | 2025-07-25 | 5.4 Medium |
| WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_especie.php` endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to inject malicious scripts into the `especie` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. Version 3.4.5 fixes the issue. | ||||
| CVE-2025-53929 | 1 Wegia | 1 Wegia | 2025-07-25 | 5.4 Medium |
| WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_cor.php` endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to inject malicious scripts into the `cor` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page `cadastro_pet.php` is accessed by users, posing a significant security risk. Version 3.4.5 fixes the issue. | ||||
| CVE-2025-53938 | 1 Wegia | 1 Wegia | 2025-07-25 | 7.5 High |
| WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Authentication Bypass vulnerability was identified in the `/dao/verificar_recursos_cargo.php` endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows unauthenticated users to access protected application functionalities and retrieve sensitive information by sending crafted HTTP requests without any session cookies or authentication tokens. Version 3.4.5 fixes the issue. | ||||
| CVE-2025-53937 | 1 Wegia | 1 Wegia | 2025-07-25 | 9.8 Critical |
| WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the `/controle/control.php` endpoint, specifically in the `cargo` parameter, of WeGIA prior to version 3.4.5. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. Version 3.4.5 fixes the issue. | ||||
| CVE-2025-53936 | 1 Wegia | 1 Wegia | 2025-07-25 | 6.1 Medium |
| WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `personalizacao_selecao.php` endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to inject malicious scripts in the `nome_car` parameter. Version 3.4.5 fixes the issue. | ||||
| CVE-2025-53935 | 1 Wegia | 1 Wegia | 2025-07-25 | 6.1 Medium |
| WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `personalizacao_selecao.php` endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to inject malicious scripts in the `id` parameter. Version 3.4.5 fixes the issue. | ||||