Labredescefetrj Wegia
176 CVEs affecting Labredescefetrj Wegia. Latest disclosed: 2026-05-27. Critical: 13, High: 10.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-28409 | Critical | 10.0 | 2026-02-27 | WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, a critical Remote Code Execution (RCE) vulnerability exists in the WeGIA applicatio… |
CVE-2025-58745 | Critical | 10.0 | 2025-09-08 | WeGIA is a Web manager for charitable institutions. The fix for CVE-2025-22133 was not enough to remediate the arbitrary file upload vulnerability. The WeGIA o… |
CVE-2025-58159 | Critical | 10.0 | 2025-08-29 | WeGIA is a Web manager for charitable institutions. Prior to version 3.4.11, a remote code execution vulnerability was identified, caused by improper validatio… |
CVE-2025-26615 | Critical | 10.0 | 2025-02-18 | WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Path Traversal vulnerability was discovered in the WeGIA appl… |
CVE-2026-31896 | Critical | 9.8 | 2026-03-11 | WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, a critical SQL injection vulnerability exists in the WeGIA application. The remover… |
CVE-2026-28411 | Critical | 9.8 | 2026-02-27 | WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, an unsafe use of the `extract()` function on the `$_REQUEST` superglobal allows an… |
CVE-2026-28408 | Critical | 9.8 | 2026-02-27 | WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, the script in adicionar_tipo_docs_atendido.php does not go through the project's ce… |
CVE-2025-53529 | Critical | 9.8 | 2025-07-07 | WeGIA is a web manager for charitable institutions. An SQL Injection vulnerability was identified in the /html/funcionario/profile_funcionario.php endpoint. Th… |
CVE-2025-50201 | Critical | 9.8 | 2025-06-19 | WeGIA is a web manager for charitable institutions. Prior to version 3.4.2, an OS Command Injection vulnerability was identified in the /html/configuracao/debu… |
CVE-2026-33136 | Critical | 9.3 | 2026-03-20 | WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability in the listar_memorandos… |
CVE-2026-33135 | Critical | 9.3 | 2026-03-20 | WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability in the novo_memorandoo.p… |
CVE-2026-33134 | Critical | 9.3 | 2026-03-20 | WeGIA is a web manager for charitable institutions. Versions 3.6.5 and below contain an authenticated SQL Injection vulnerability in the html/matPat/restaurar_… |
CVE-2026-23722 | Critical | 9.1 | 2026-01-16 | WeGIA is a Web Manager for Charitable Institutions. Prior to 3.6.2, a Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the WeGIA system, sp… |
CVE-2026-40285 | High | 8.8 | 2026-04-17 | WeGIA is a web manager for charitable institutions. Versions prior to 3.6.10 contain a SQL injection vulnerability in dao/memorando/UsuarioDAO.php. The cpf_usu… |
CVE-2026-35395 | High | 8.8 | 2026-04-06 | WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, WeGIA (Web gerenciador para instituições assistenciais) contains a SQL injection vulnerabil… |
CVE-2026-33991 | High | 8.8 | 2026-03-27 | WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file `html/socio/sistema/deletar_tag.php` uses `extract($_REQUEST)` on line 14… |
CVE-2026-31895 | High | 8.8 | 2026-03-11 | WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, WeGIA (Web gerenciador para instituições assistenciais) contains a SQL injection vu… |
CVE-2025-59939 | High | 8.8 | 2025-09-27 | WeGIA is a Web manager for charitable institutions. Prior to version 3.5.0, WeGIA is vulnerable to SQL Injection attacks in the control.php endpoint with the f… |
CVE-2025-22598 | High | 8.3 | 2025-01-10 | WeGIA is a web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the cadastrarSocio.php endpoint of the… |
CVE-2025-22597 | High | 8.3 | 2025-01-10 | WeGIA is a web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the CobrancaController.php endpoint of… |