CVE-2025-24901 – SQL Injection endpoint 'deletar_permissao.php' parameter 'c', 'a', 'r' in WeGIA
https://notcve.org/view.php?id=CVE-2025-24901
03 Feb 2025 — WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `deletar_permissao.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability. • https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-jp48-94wm-3gmc • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-24902 – SQL Injection endpoint 'salvar_cargo.php' parameter 'id_cargo' in WeGIA
https://notcve.org/view.php?id=CVE-2025-24902
03 Feb 2025 — WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `salvar_cargo.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability. • https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-pg73-w9vx-8mgp • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-24905 – SQL Injection endpoint 'get_codigobarras_cobranca.php' parameter 'codigo' in WeGIA
https://notcve.org/view.php?id=CVE-2025-24905
03 Feb 2025 — WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `get_codigobarras_cobranca.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability. • https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-qjc6-5qv6-fr8m • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-24906 – SQL Injection endpoint 'get_detalhes_cobranca.php' parameter 'codigo' in WeGIA
https://notcve.org/view.php?id=CVE-2025-24906
03 Feb 2025 — WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `get_detalhes_cobranca.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability. • https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-jpph-g9p7-9jrm • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-24957 – SQL Injection endpoint 'get_detalhes_socio.php' parameter 'id_socio' in WeGIA
https://notcve.org/view.php?id=CVE-2025-24957
03 Feb 2025 — WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `get_detalhes_socio.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability. • https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-x28g-6228-99p9 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-24958 – SQL Injection endpoint 'salvar_tag.php' parameter 'id_tag' in WeGIA
https://notcve.org/view.php?id=CVE-2025-24958
03 Feb 2025 — WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `salvar_tag.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability. • https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-2mhx-5998-46hx • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-24020 – WeGIA Open Redirect vulnerability
https://notcve.org/view.php?id=CVE-2025-24020
21 Jan 2025 — WeGIA is a Web manager for charitable institutions. An Open Redirect vulnerability was identified in the `control.php` endpoint of versions up to and including 3.2.10 of the WeGIA application. The vulnerability allows the `nextPage` parameter to be manipulated, redirecting authenticated users to arbitrary external URLs without validation. The issue stems from the lack of validation for the `nextPage` parameter, which accepts external URLs as redirection destinations. This vulnerability can be exploited to p... • https://github.com/LabRedesCefetRJ/WeGIA/commit/89d98bf074cebf6c4ed95fca6f64e325c0b1d2f0 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2025-23220 – WeGIA has a SQL Injection endpoint 'adicionar_raca.php' parameter 'raca'
https://notcve.org/view.php?id=CVE-2025-23220
20 Jan 2025 — WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the `adicionar_raca.php` endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in the database, allowing unauthorized access to sensitive information. During the exploit, it was possible to perform a complete dump of the application's database, highlighting the severity of the flaw. This vulnera... • https://github.com/LabRedesCefetRJ/WeGIA/commit/1739e1589948a207b8a82b9bfe078cb826d420de • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-23219 – WeGIA has a SQL Injection endpoint 'adicionar_cor.php' parameter 'cor'
https://notcve.org/view.php?id=CVE-2025-23219
20 Jan 2025 — WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the `adicionar_cor.php` endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in the database, allowing unauthorized access to sensitive information. During the exploit, it was possible to perform a complete dump of the application's database, highlighting the severity of the flaw. This vulnerab... • https://github.com/LabRedesCefetRJ/WeGIA/commit/ae9c859006143bd0087b3e6e48a0677e1fff5c7e • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-23218 – WeGIA has a SQL Injection endpoint 'adicionar_especie.php' parameter 'especie'
https://notcve.org/view.php?id=CVE-2025-23218
20 Jan 2025 — WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the `adicionar_especie.php` endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in the database, allowing unauthorized access to sensitive information. During the exploit, it was possible to perform a complete dump of the application's database, highlighting the severity of the flaw. This vuln... • https://github.com/LabRedesCefetRJ/WeGIA/commit/7465f785651c0cff65059bba96b015ab54235de4 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')