📦 WeGIA
by WeGIA
🛡️ Security Overview
⚠️ Known Vulnerabilities
This is a reflected cross-site scripting (XSS) vulnerability in WeGIA web management software that allows unauthenticated attackers to inject malicious JavaScript into users' browsers. Attackers can s...
WeGIA versions 3.4.12 and below contain an SQL injection vulnerability in the /pet/profile_pet.php endpoint via the id_pet parameter. This allows attackers to execute arbitrary SQL commands, potential...
CVE-2025-61603 is a critical SQL injection vulnerability in WeGIA web management software for charitable institutions. Attackers can execute arbitrary SQL commands through the /controle/control.php en...
This vulnerability allows attackers to bypass MIME type validation and upload malicious PHP files disguised as Excel files to WeGIA web servers. Successful exploitation enables remote code execution v...
CVE-2025-58159 is a critical remote code execution vulnerability in WeGIA web management software for charitable institutions. It allows attackers to upload malicious PHP files that execute arbitrary ...
This SQL injection vulnerability in WeGIA allows attackers to execute arbitrary SQL commands through the id_fichamedica parameter in the /html/saude/aplicar_medicamento.php endpoint. All WeGIA install...
CVE-2025-55167 is a critical SQL injection vulnerability in WeGIA web management software that allows attackers to execute arbitrary SQL commands through the id_dependente parameter in the /html/funci...
A SQL injection vulnerability in WeGIA's /controle/control.php endpoint allows attackers to execute arbitrary SQL commands via the cargo parameter. This can lead to complete database compromise includ...
A time-based blind SQL injection vulnerability exists in the WeGIA web manager for charitable institutions. Attackers can inject arbitrary SQL queries through the almox parameter of the /controle/rela...
CVE-2025-50201 is an unauthenticated OS command injection vulnerability in WeGIA web management software that allows attackers to execute arbitrary commands on the server with web server user privileg...
An unauthenticated SQL injection vulnerability in WeGIA versions up to 3.3.0 allows attackers to execute arbitrary SQL commands via the /html/socio/sistema/get_socios.php endpoint. This can lead to da...
A SQL injection vulnerability in WeGIA web management software allows attackers to manipulate database queries through the nextPage parameter. This enables unauthorized access to sensitive database in...
This vulnerability allows unauthenticated attackers to reset any user's password without verifying the old password, including admin accounts. It affects WeGIA web management software for charitable i...
A SQL injection vulnerability in WeGIA versions before 3.2.8 allows attackers to execute arbitrary SQL commands through the id_funcionario parameter in the /WeGIA/html/funcionario/remuneracao.php endp...
A SQL injection vulnerability in WeGIA's personalizacao_upload.php endpoint allows authenticated attackers to execute arbitrary SQL queries. This can lead to unauthorized access to sensitive database ...
A SQL injection vulnerability in WeGIA's historico_paciente.php endpoint allows attackers to execute arbitrary SQL queries. This could lead to unauthorized access to sensitive patient and institutiona...
A SQL injection vulnerability in WeGIA's restaurar_produto_desocultar.php endpoint allows authenticated attackers to execute arbitrary SQL queries. This can lead to unauthorized access to sensitive da...
CVE-2025-26612 is a critical SQL injection vulnerability in WeGIA's adicionar_almoxarife.php endpoint that allows attackers to execute arbitrary SQL queries. This could lead to unauthorized access to ...
A path traversal vulnerability in WeGIA's examples.php endpoint allows attackers to read the config.php file, which contains database credentials. This affects all WeGIA users running vulnerable versi...
A SQL injection vulnerability in WeGIA's informacao_adicional.php endpoint allows attackers to execute arbitrary SQL queries. This could lead to unauthorized access to sensitive database information. ...
An authenticated SQL injection vulnerability in WeGIA's Atendido_ocorrenciaControle endpoint allows attackers to extract sensitive data from the database. This affects all WeGIA installations prior to...
CVE-2025-67501 is an SQL injection vulnerability in WeGIA web management software that allows attackers to execute arbitrary SQL commands through the id_categoria parameter. This affects all WeGIA ins...
A SQL injection vulnerability in WeGIA's /html/funcionario/dependente_documento.php endpoint allows attackers to execute arbitrary SQL commands via the id_dependente parameter. This can lead to data t...
A SQL injection vulnerability in WeGIA's /html/funcionario/dependente_listar.php endpoint allows attackers to execute arbitrary SQL commands via the id_funcionario parameter. This can lead to data the...
CVE-2025-62179 is a SQL injection vulnerability in WeGIA web management software that allows attackers to execute arbitrary SQL commands through the cpf parameter in the /html/funcionario/cadastro_fun...
CVE-2025-61665 is a broken access control vulnerability in WeGIA, an open-source web manager for charitable institutions. Unauthenticated attackers can directly access the get_relatorios_socios.php en...
This SQL injection vulnerability in WeGIA allows attackers to execute arbitrary SQL commands through the control.php endpoint. It affects all WeGIA installations prior to version 3.5.0, potentially co...
A SQL injection vulnerability in WeGIA versions 3.4.10 and earlier allows authenticated attackers to execute arbitrary SQL queries through the id_anexo parameter in the /WeGIA/html/memorando/exibe_ane...
This SQL injection vulnerability in WeGIA's employee dependent removal endpoint allows attackers to execute arbitrary SQL commands by manipulating the id_funcionario parameter. Attackers can potential...
CVE-2025-55171 is an authentication bypass vulnerability in WeGIA web management software that allows unauthenticated attackers to delete arbitrary image files. This affects all WeGIA installations pr...
A SQL injection vulnerability in WeGIA web management software allows authenticated attackers to execute arbitrary SQL queries through the idatendido parameter in the Profile_Atendido.php endpoint. Th...
This SQL injection vulnerability in WeGIA allows attackers to manipulate database queries through the idatendido_familiares parameter, potentially accessing sensitive information like user data and ta...
A SQL injection vulnerability in WeGIA web management software allows attackers to manipulate database queries through the idatendido_familiares parameter. This enables unauthorized access to sensitiv...
A SQL injection vulnerability in WeGIA versions before 3.4.5 allows attackers to manipulate database queries through the id_funcionario parameter in the /html/saude/profile_paciente.php endpoint. This...
This SQL injection vulnerability in WeGIA allows attackers to execute arbitrary SQL commands through the 'id_socio' parameter in the processa_deletar_socio.php endpoint. This can lead to data theft, m...
WeGIA web manager for charitable institutions has a vulnerability where excessively long HTTP GET requests to a specific URL can cause high resource consumption, leading to Denial of Service (DoS). At...
CVE-2025-27419 is a denial-of-service vulnerability in WeGIA web management software that allows unauthenticated attackers to crash servers through aggressive spidering. The vulnerability affects all ...
This SQL injection vulnerability in WeGIA allows authenticated attackers to execute arbitrary SQL queries through the adicionar_tipo_exame.php endpoint, potentially accessing sensitive database inform...
CVE-2025-26614 is a SQL injection vulnerability in WeGIA's deletar_documento.php endpoint that allows authenticated attackers to execute arbitrary SQL queries. This can lead to unauthorized access, da...
A SQL injection vulnerability in WeGIA's deletar_cargo.php endpoint allows authenticated attackers to execute arbitrary SQL queries. This could lead to unauthorized access to sensitive database inform...
A SQL injection vulnerability in WeGIA's deletar_permissao.php endpoint allows authenticated attackers to execute arbitrary SQL queries. This could lead to data theft, modification, or deletion of sen...
A SQL injection vulnerability in WeGIA's salvar_cargo.php endpoint allows authenticated attackers to execute arbitrary SQL queries. This could lead to data theft, modification, or deletion of sensitiv...
WeGIA versions below 3.2.0 contain a cross-site scripting vulnerability in the employee documents page that allows attackers to inject malicious scripts via the 'id' parameter. This affects all users ...
A stored XSS vulnerability in WeGIA's CobrancaController.php endpoint allows attackers to inject malicious scripts via the local_recepcao parameter. These scripts execute automatically when users acce...
A stored XSS vulnerability in WeGIA's cadastrarSocio.php endpoint allows attackers to inject malicious scripts into the local_recepcao parameter. These scripts execute automatically when users access ...
A SQL injection vulnerability in WeGIA's /dao/verificar_recursos_cargo.php endpoint allows attackers to execute arbitrary SQL commands through the cargo parameter. This can lead to database compromise...
A SQL injection vulnerability in WeGIA's dependente_listar_um.php endpoint allows attackers to execute arbitrary SQL commands through the id_dependente parameter. This can lead to database compromise ...
This Cross-Site Scripting (XSS) vulnerability in WeGIA's file upload functionality allows attackers to upload malicious files containing JavaScript code. When processed by the system, this code execut...
This vulnerability in WeGIA 3.2.0 allows unauthorized users to change passwords without proper permission checks. It affects all installations of WeGIA 3.2.0 before commit 3998672. Attackers can explo...
WeGIA v3.2.0 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to trick authenticated users into performing unintended actions on the WeGIA application. This affects all...
WeGIA versions before 3.6.2 contain an open redirect vulnerability in the control.php endpoint. Attackers can manipulate the nextPage parameter to redirect users to malicious external websites, potent...
This CVE describes an Open Redirect vulnerability in WeGIA web manager for charitable institutions. Attackers can redirect users to malicious external websites via the /WeGIA/controle/control.php endp...
This CVE describes a clickjacking vulnerability in WeGIA web management software for charitable institutions. Attackers can embed WeGIA pages in malicious frames to trick users into unintended interac...
A stored cross-site scripting (XSS) vulnerability in WeGIA web manager allows attackers to inject malicious scripts into the 'Atendido' selection dropdown. This affects all users of WeGIA versions pri...
A stored cross-site scripting (XSS) vulnerability in WeGIA web manager allows attackers to inject malicious JavaScript into the adopters information table. Any user visiting the affected pages will au...
This CVE describes an open redirect vulnerability in WeGIA web management software for charitable institutions. Attackers can redirect users to malicious external websites via the /WeGIA/controle/cont...
This open redirect vulnerability in WeGIA allows attackers to redirect users to malicious external websites by manipulating the nextPage parameter. It affects all WeGIA installations prior to version ...
This stored XSS vulnerability in WeGIA allows attackers to inject malicious scripts into employee selection dropdowns, which execute when administrators view the password configuration page. All users...
This reflected cross-site scripting (XSS) vulnerability in WeGIA allows attackers to inject malicious scripts via the action parameter in the editar_info_pessoal.php endpoint. When exploited, this can...
WeGIA versions before 3.5.1 contain a reflected cross-site scripting (XSS) vulnerability in the editar_info_pessoal.php endpoint. Attackers can inject malicious scripts via the sql parameter, potentia...
CVE-2025-62358 is a reflected cross-site scripting (XSS) vulnerability in WeGIA web management software that allows attackers to inject malicious JavaScript via the log parameter in configuracao_geral...
A reflected cross-site scripting (XSS) vulnerability in WeGIA versions before 3.5.0 allows attackers to inject malicious scripts via the id_pet parameter in the /pet/profile_pet.php endpoint. This cou...
A reflected cross-site scripting (XSS) vulnerability in WeGIA's listar_despachos.php endpoint allows attackers to inject malicious scripts via the id_memorando parameter. This could enable session hij...
WeGIA versions before 3.4.7 contain a reflected cross-site scripting vulnerability in the insere_despacho.php endpoint that allows attackers to inject malicious scripts via the cpf parameter. This aff...
A reflected cross-site scripting (XSS) vulnerability in WeGIA web management software allows attackers to inject malicious scripts via the msg_e parameter in cargos.php. This could enable session hija...
A reflected cross-site scripting (XSS) vulnerability in WeGIA's pre_cadastro_adotante.php endpoint allows attackers to inject malicious scripts via the msg_e parameter. This affects all WeGIA installa...
A reflected cross-site scripting (XSS) vulnerability in WeGIA web management software allows attackers to inject malicious scripts via the 'err' parameter in the personalizacao_imagem.php endpoint. Th...
A reflected cross-site scripting (XSS) vulnerability in WeGIA versions before 3.4.6 allows attackers to inject malicious scripts via the msg_e parameter in the pre_cadastro_atendido.php endpoint. This...
A stored cross-site scripting (XSS) vulnerability in WeGIA's adicionar_especie.php endpoint allows attackers to inject malicious scripts via the 'especie' parameter. These scripts are stored on the se...
A reflected cross-site scripting (XSS) vulnerability in WeGIA's cadastro_adotante.php endpoint allows attackers to inject malicious scripts via the cpf parameter. This affects all WeGIA installations ...
A stored XSS vulnerability in WeGIA's control.php endpoint allows attackers to inject malicious scripts via the descricao_emergencia parameter. These scripts persist on the server and execute automati...
A reflected cross-site scripting (XSS) vulnerability in WeGIA web management software allows attackers to inject malicious scripts via the 'nome_car' parameter in the personalizacao_selecao.php endpoi...
This CVE describes an Open Redirect vulnerability in WeGIA web management software where attackers can manipulate the 'nextPage' parameter in control.php to redirect users to malicious websites. All W...
A reflected cross-site scripting (XSS) vulnerability exists in WeGIA's profile_familiar.php endpoint via the id_dependente parameter. Attackers can inject malicious scripts that execute in victims' br...
WeGIA versions before 3.2.8 have a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts into web pages. These scripts execute in users' browsers when they view c...
A stored Cross-Site Scripting (XSS) vulnerability in WeGIA web management software allows attackers to inject malicious scripts that are permanently stored on the server and executed in users' browser...
A stored XSS vulnerability in WeGIA's 'adicionar_tipo_docs_atendido.php' endpoint allows attackers to inject malicious scripts via the 'tipo' parameter. These scripts persist on the server and execute...
This stored XSS vulnerability in WeGIA allows attackers to inject malicious scripts via the tipo parameter in the adicionar_tipo_atendido.php endpoint. The scripts persist on the server and execute au...
This CVE describes an Open Redirect vulnerability in WeGIA web management software for charitable institutions. Authenticated users can be tricked into visiting malicious external websites via manipul...