Labredescefetrj WeGIA vulnerabilities
173 known vulnerabilities affecting labredescefetrj/wegia.
Total CVEs: 173
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 36, HIGH 44, MEDIUM 92
Vulnerabilities
Page 2 of 9
CVE-2025-61605 | P2 | CRITICAL | CVSS 9.8 | CWE-89 | fixed in 3.5.0 | 2025-10-02
WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain an SQL Injection vulnerability which was identified in the /pet/profile_pet.php endpoint, specifically in the id_pet parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integr
nvd
CVE-2026-35395 | P2 | HIGH | CVSS 8.8 | CWE-89 | fixed in 3.6.9 | 2026-04-06
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, WeGIA (Web gerenciador para instituições assistenciais) contains a SQL injection vulnerability in dao/memorando/DespachoDAO.php. The id_memorando parameter is extracted from $_REQUEST without validation and directly interpolated into SQL queries, allowing any authenticated user to exec
nvd
CVE-2025-53527 | P2 | CRITICAL | CVSS 9.8 | CWE-89 | versions >= 3.3.3, < 3.4.1 | 2025-07-07
WeGIA is a web manager for charitable institutions. A Time-Based Blind SQL Injection vulnerability was discovered in the almox parameter of the /controle/relatorio_geracao.php endpoint. This issue allows an attacker to inject arbitrary SQL queries, potentially leading to unauthorized data access or further exploitation depending on database configurat
nvd
CVE-2026-31896 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | fixed in 3.6.6 | 2026-03-11
WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, a critical SQL injection vulnerability exists in the WeGIA application. The remover_produto_ocultar.php script uses extract($_REQUEST) to populate local variables and then directly concatenates these variables into a SQL query executed via PDO::query. This allows an authent
nvd
CVE-2025-54062 | P2 | HIGH | CVSS 8.8 | CWE-89 | fixed in 3.4.6 | 2025-07-17
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the `/html/funcionario/profile_dependente.php` endpoint, specifically in the `id_dependente` parameter. This vulnerability allows attackers to execute arbitrary SQL commands,
nvd
CVE-2026-33134 | P3 | HIGH | CVSS 8.8 | CWE-89 | fixed in 3.6.6 | 2026-03-20
WeGIA is a web manager for charitable institutions. Versions 3.6.5 and below contain an authenticated SQL Injection vulnerability in the html/matPat/restaurar_produto.php endpoint. The vulnerability allows an authenticated attacker to inject arbitrary SQL commands via the id_produto GET parameter, leading to full database compromise. In the script /htm
nvd
CVE-2025-26608 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | fixed in 3.2.13 | 2025-02-18
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `dependente_docdependente.php` endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthorized access to sensitive information. This issue
nvd
CVE-2025-26607 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | fixed in 3.2.13 | 2025-02-18
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `documento_excluir.php` endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthorized access to sensitive information. This issue has be
nvd
CVE-2025-26606 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | fixed in 3.2.13 | 2025-02-18
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `informacao_adicional.php` endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthorized access to sensitive information. This issue has
nvd
CVE-2025-24957 | P2 | CRITICAL | CVSS 9.8 | CWE-89 | fixed in 3.2.12 | 2025-02-03
WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `get_detalhes_socio.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12
nvd
CVE-2025-26611 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | fixed in 3.2.13 | 2025-02-18
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `remover_produto.php` endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthorized access to sensitive information. This issue has been
nvd
CVE-2025-26612 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | fixed in 3.2.13 | 2025-02-18
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `adicionar_almoxarife.php` endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthorized access to sensitive information. This issue has
nvd
CVE-2025-24906 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | fixed in 3.2.12 | 2025-02-03
WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `get_detalhes_cobranca.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.
nvd
CVE-2025-62177 | P3 | HIGH | CVSS 8.8 | CWE-89 | fixed in 3.5.1 | 2025-10-13
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/dependente_listar.php endpoint, specifically in the id_funcionario parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confid
nvd
CVE-2025-62179 | P3 | HIGH | CVSS 8.8 | CWE-89 | fixed in 3.5.1 | 2025-10-13
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/cadastro_funcionario_pessoa_existente.php endpoint, specifically in the cpf parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising t
nvd
CVE-2025-23218 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | fixed in 3.2.10 | 2025-01-20
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionar_especie.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in the database, allowing unauthorized access to sen
nvd
CVE-2025-23219 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | fixed in 3.2.10 | 2025-01-20
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionar_cor.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in the database, allowing unauthorized access to sensiti
nvd
CVE-2025-23220 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | fixed in 3.2.10 | 2025-01-20
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionar_raca.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in the database, allowing unauthorized access to sensit
nvd
CVE-2025-27096 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | fixed in 3.2.14 | 2025-02-20
WeGIA is a Web Manager for Institutions with a focus on Portuguese language. A SQL Injection vulnerability was discovered in the WeGIA application, personalizacao_upload.php endpoint. This vulnerability allows an authorized attacker to execute arbitrary SQL queries, allowing access to sensitive information. This issue has been addressed in version 3
nvd
CVE-2025-26610 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | fixed in 3.2.13 | 2025-02-18
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `restaurar_produto_desocultar.php` endpoint. This vulnerability allows an authorized attacker to execute arbitrary SQL queries, allowing access to sensitive information. This issue has
nvd