cvebase

Labredescefetrj Wegia vulnerabilities

173 known vulnerabilities affecting labredescefetrj/wegia.

Total CVEs: 173
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 36, HIGH 44, MEDIUM 92

Vulnerabilities

Page 3 of 9
CVE-2025-24905 | P3 | CRITICAL | CVSS 9.8 | fixed in 3.2.12 | 2025-02-03
CWE-89: WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `get_codigobarras_cobranca.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version
nvd
CVE-2025-57761 | P3 | HIGH | CVSS 8.8 | fixed in 3.4.10 | 2025-08-21
CWE-89: WeGIA is a Web manager for charitable institutions. Prior to 3.4.10, there is a SQL Injection vulnerability in the /html/funcionario/dependente_remover.php endpoint, specifically in the id_funcionario parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the da
nvd
CVE-2025-59939 | P3 | HIGH | CVSS 8.8 | fixed in 3.5.0 | 2025-09-27
CWE-89: WeGIA is a Web manager for charitable institutions. Prior to version 3.5.0, WeGIA is vulnerable to SQL Injection attacks in the control.php endpoint with the following parameters: nomeClasse=ProdutoControle&metodo=excluir&id_produto=[malicious command]. It is necessary to apply prepared statements methods, sanitization, and validations on the id_produto
nvd
CVE-2026-40285 | P3 | HIGH | CVSS 8.8 | fixed in 3.6.10 | 2026-04-17
CWE-89: WeGIA is a web manager for charitable institutions. Versions prior to 3.6.10 contain a SQL injection vulnerability in dao/memorando/UsuarioDAO.php. The cpf_usuario POST parameter overwrites the session-stored user identity via extract($_REQUEST) in DespachoControle::verificarDespacho(), and the attacker-controlled value is then interpolated directly in
nvd
CVE-2025-26609 | P3 | CRITICAL | CVSS 9.8 | fixed in 3.2.13 | 2025-02-18
CWE-89: WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `familiar_docfamiliar.php` endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthorized access to sensitive information. This issue has
nvd
CVE-2025-26617 | P3 | CRITICAL | CVSS 9.8 | fixed in 3.2.14 | 2025-02-18
CWE-89: WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `historico_paciente.php` endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthorized access to sensitive information. This issue has b
nvd
CVE-2025-30367 | P3 | CRITICAL | CVSS 9.8 | fixed in 3.2.6 | 2025-03-27
CWE-89: WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.6 in the nextPage parameter of the /WeGIA/controle/control.php endpoint. This vulnerability allows an attacker to manipulate SQL queries and access sensitive database information, such as table names and sensitive data. Version 3.2.
nvd
CVE-2026-31895 | P3 | HIGH | CVSS 8.8 | fixed in 3.6.6 | 2026-03-11
CWE-89: WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, WeGIA (Web gerenciador para instituições assistenciais) contains a SQL injection vulnerability in html/matPat/restaurar_produto.php. The id_produto parameter from $_GET is directly interpolated into SQL queries without parameterization or sanitization. This vulnerability is fix
nvd
CVE-2025-54079 | P3 | HIGH | CVSS 8.8 | fixed in 3.4.6 | 2025-07-18
CWE-89: WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the endpoint `/html/atendido/Profile_Atendido.php`, in the `idatendido` parameter. This vulnerability allows an authorized attacker to execute arbitrary SQL queries, allowing
nvd
CVE-2025-24902 | P3 | HIGH | CVSS 8.8 | fixed in 3.2.12 | 2025-02-03
CWE-89: WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `salvar_cargo.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all us
nvd
CVE-2025-24958 | P3 | HIGH | CVSS 8.8 | fixed in 3.2.12 | 2025-02-03
CWE-89: WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `salvar_tag.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all user
nvd
CVE-2025-24901 | P3 | HIGH | CVSS 8.8 | fixed in 3.2.12 | 2025-02-03
CWE-89: WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `deletar_permissao.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and a
nvd
CVE-2025-54058 | P3 | HIGH | CVSS 8.8 | fixed in 3.4.6 | 2025-07-17
CWE-89: WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the `idatendido_familiares` parameter of the `/html/funcionario/dependente_editarEndereco.php` endpoint. This vulnerability allows an attacker to manipulate SQL queries and acce
nvd
CVE-2025-54061 | P3 | HIGH | CVSS 8.8 | fixed in 3.4.6 | 2025-07-17
CWE-89: WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the `idatendido_familiares` parameter of the `/html/funcionario/dependente_editarDoc.php` endpoint. This vulnerability allows an attacker to manipulate SQL queries and access se
nvd
CVE-2025-54060 | P3 | HIGH | CVSS 8.8 | fixed in 3.4.6 | 2025-07-17
CWE-89: WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the `idatendido_familiares` parameter of the `/html/funcionario/dependente_editarInfoPessoal.php` endpoint. This vulnerability allows an attacker to manipulate SQL queries and a
nvd
CVE-2025-53946 | P3 | HIGH | CVSS 8.8 | fixed in 3.4.5 | 2025-07-17
CWE-89: WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.5 in the `id_funcionario` parameter of the `/html/saude/profile_paciente.php` endpoint. This vulnerability allows an attacker to manipulate SQL queries and access sensitive database
nvd
CVE-2025-27133 | P3 | HIGH | CVSS 8.8 | fixed in 3.2.15 | 2025-02-24
CWE-89: WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was discovered in the WeGIA application prior to version 3.2.15 at the `adicionar_tipo_exame.php` endpoint. This vulnerability allows an authorized attacker to execute arbitrary SQL queries, allowing access to sensitive information. Version 3.2.15 contains a patch for the
nvd
CVE-2025-26614 | P3 | HIGH | CVSS 8.8 | fixed in 3.2.14 | 2025-02-18
CWE-89: WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `deletar_documento.php` endpoint. This vulnerability allows an authorized attacker to execute arbitrary SQL queries, allowing access to sensitive information. This issue has been addressed
nvd
CVE-2025-26605 | P3 | HIGH | CVSS 8.8 | fixed in 3.2.13 | 2025-02-18
CWE-89: WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `deletar_cargo.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to sensitive information. This issue has been address
nvd
CVE-2025-67501 | P3 | HIGH | CVSS 8.8 | fixed in 3.5.5 | 2025-12-10
CWE-89: WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Versions 3.5.4 and below contain an SQL Injection vulnerability in the /html/matPat/editar_categoria.php endpoint. The application fails to properly validate and sanitize user inputs in the id_categoria parameter, which allows attackers to inject malicious S
nvd