Labredescefetrj Wegia vulnerabilities
173 known vulnerabilities affecting labredescefetrj/wegia.
Total CVEs: 173
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 36, HIGH 44, MEDIUM 92
Vulnerabilities
Page 1 of 9
CVE-2025-62360 | P2 | HIGH | CVSS 8.8 | PoC | fixed in 3.5.1 | 2025-10-13
CWE-89
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/dependente_documento.php endpoint, specifically in the id_dependente parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confi
Source: nvd
CVE-2026-28409 | P2 | HIGH | CVSS 7.2 | PoC | fixed in 3.6.5 | 2026-02-27
CWE-78
WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, a critical Remote Code Execution (RCE) vulnerability exists in the WeGIA application's database restoration functionality. An attacker with administrative access (which can be obtained via the previously reported Authentication Bypass) can execute arbitrary OS commands on the s
Source: nvd
CVE-2025-50201 | P2 | CRITICAL | CVSS 9.8 | fixed in 3.4.2 | 2025-06-19
CWE-78
WeGIA is a web manager for charitable institutions. Prior to version 3.4.2, an OS Command Injection vulnerability was identified in the /html/configuracao/debug_info.php endpoint. The branch parameter is not properly sanitized before being concatenated and executed in a shell command on the server's operating system. This flaw allows an unauthentica
Source: nvd
CVE-2025-27140 | P2 | CRITICAL | CVSS 9.8 | fixed in 3.2.15 | 2025-02-24
CWE-78
WeGIA is a Web manager for charitable institutions. An OS Command Injection vulnerability was discovered in versions prior to 3.2.15 of the WeGIA application, `importar_dump.php` endpoint. This vulnerability could allow an attacker to execute arbitrary code remotely. The command is basically a command to move a temporary file, so a webshell upload
Source: nvd
CVE-2026-28411 | P2 | CRITICAL | CVSS 9.8 | fixed in 3.6.5 | 2026-02-27
CWE-288
WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, an unsafe use of the `extract()` function on the `$_REQUEST` superglobal allows an unauthenticated attacker to overwrite local variables in multiple PHP scripts. This vulnerability can be leveraged to completely bypass authentication checks, allowing unauthorized access to
Source: nvd
CVE-2025-53529 | P2 | CRITICAL | CVSS 9.8 | fixed in 3.4.3 | 2025-07-07
CWE-89
WeGIA is a web manager for charitable institutions. An SQL Injection vulnerability was identified in the /html/funcionario/profile_funcionario.php endpoint. The id_funcionario parameter is not properly sanitized or validated before being used in a SQL query, allowing an unauthenticated attacker to inject arbitrary SQL commands. The vulnerability is
Source: nvd
CVE-2025-26613 | P2 | CRITICAL | CVSS 9.8 | fixed in 3.2.14 | 2025-02-18
CWE-78
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. An OS Command Injection vulnerability was discovered in the WeGIA application, `gerenciar_backup.php` endpoint. This vulnerability could allow an attacker to execute arbitrary code remotely. This issue has been addressed in version 3.2.14 and all users a
Source: nvd
CVE-2025-30364 | P2 | CRITICAL | CVSS 9.8 | fixed in 3.2.8 | 2025-03-27
CWE-89
WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.8 in the endpoint /WeGIA/html/funcionario/remuneracao.php, in the id_funcionario parameter. This vulnerability allows the execution of arbitrary SQL commands, which can compromise the confidentiality, integrity, and availability
Source: nvd
CVE-2026-28408 | P2 | CRITICAL | CVSS 9.8 | fixed in 3.6.5 | 2026-02-27
CWE-287
WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, the script in adicionar_tipo_docs_atendido.php does not go through the project's central controller and does not have its own authentication and permission checks. A malicious user could make a request through tools like Postman or the file's URL on the web to access featu
Source: nvd
CVE-2025-46828 | P2 | CRITICAL | CVSS 9.8 | fixed in 3.3.1 | 2025-05-07
CWE-89
WeGIA is a web manager for charitable institutions. An unauthenticated SQL Injection vulnerability was identified in versions up to and including 3.3.0 in the endpoint `/html/socio/sistema/get_socios.php`, specifically in the query parameter. This issue allows attackers to inject and execute arbitrary SQL statements against the application's underlyi
Source: nvd
CVE-2025-55169 | P3 | MEDIUM | CVSS 6.5 | PoC | fixed in 3.4.8 | 2025-08-12
CWE-22
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a path traversal vulnerability was discovered in the WeGIA application, html/socio/sistema/download_remessa.php endpoint. This vulnerability could allow an attacker to gain unauthorized access to local files in the server a
Source: nvd
CVE-2025-22133 | P2 | CRITICAL | CVSS 9.9 | fixed in 3.4.11 | 2025-01-07
CWE-94
WeGIA is a web manager for charitable institutions. Prior to 3.2.8, a critical vulnerability was identified in the /WeGIA/html/socio/sistema/controller/controla_xlsx.php endpoint. The endpoint accepts file uploads without proper validation, allowing the upload of malicious files, such as .phar, which can then be executed by the server. This vulnera
Source: nvd
CVE-2025-30365 | P2 | CRITICAL | CVSS 9.8 | fixed in 3.2.8 | 2025-03-27
CWE-89
WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.8 in the endpoint /WeGIA/html/socio/sistema/controller/query_geracao_auto.php, specifically in the query parameter. This vulnerability allows the execution of arbitrary SQL commands, compromising the confidentiality, integrity, a
Source: nvd
CVE-2025-30361 | P2 | CRITICAL | CVSS 9.8 | fixed in 3.2.6 | 2025-03-27
CWE-287
WeGIA is a Web manager for charitable institutions. A security vulnerability was identified in versions prior to 3.2.6, where it is possible to change a user's password without verifying the old password. This issue exists in the control.php endpoint and allows unauthorized attackers to bypass authentication and authorization mechanisms to reset t
Source: nvd
CVE-2025-53091 | P2 | CRITICAL | CVSS 9.8 | v= 3.3.3 | 2025-06-27
CWE-89
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Time-Based Blind SQL Injection vulnerability was discovered in version 3.3.3 in the almox parameter of the `/controle/getProdutosPorAlmox.php` endpoint. This issue allows any unauthenticated attacker to inject arbitrary SQL queries, potentially l
Source: nvd
CVE-2025-61603 | P2 | CRITICAL | CVSS 9.8 | fixed in 3.5.0 | 2025-10-02
CWE-89
WeGIA is a Web manager for charitable institutions. Versions 3.4.12 and below include an SQL Injection vulnerability which was identified in the /controle/control.php endpoint, specifically in the descricao parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability
Source: nvd
CVE-2025-55167 | P2 | CRITICAL | CVSS 9.8 | fixed in 3.4.8 | 2025-08-12
CWE-89
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a SQL Injection vulnerability was identified in the /html/funcionario/dependente_remover.php endpoint, specifically in the id_dependente parameter. This vulnerability allows attackers to execute arbitrary SQL commands, co
Source: nvd
CVE-2025-53937 | P2 | CRITICAL | CVSS 9.8 | fixed in 3.4.5 | 2025-07-16
CWE-89
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the `/controle/control.php` endpoint, specifically in the `cargo` parameter, of WeGIA prior to version 3.4.5. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the
Source: nvd
CVE-2025-55168 | P2 | CRITICAL | CVSS 9.8 | fixed in 3.4.8 | 2025-08-12
CWE-89
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a SQL Injection vulnerability was identified in the /html/saude/aplicar_medicamento.php endpoint, specifically in the id_fichamedica parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compro
Source: nvd
CVE-2025-53823 | P2 | HIGH | CVSS 8.8 | fixed in 3.4.5 | 2025-07-14
CWE-89
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Versions prior to 3.4.5 have a SQL Injection vulnerability in the endpoint `/WeGIA/html/socio/sistema/processa_deletar_socio.php`, in the `id_socio` parameter. This vulnerability allows the execution of arbitrary SQL commands, which can compromise t
Source: nvd