Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

WeGIA — Vulnerabilities & Security Advisories 173

All 173 CVE vulnerabilities found in WeGIA, with AI-generated Chinese analysis, references, and POCs.

Vendor: nilsonLazarin

CVE IDTitleCVSSSeverityPublished
CVE-2026-23725 WeGIA Stored Cross-Site Scripting (XSS) – nome Parameter on Adopters Information Page CWE-79 5.4 -2026-01-16
CVE-2026-23724 WeGIA Stored Cross-Site Scripting (XSS) – atendido_idatendido Parameter on Occurrence Registration Page CWE-79 4.3 Medium2026-01-16
CVE-2026-23722 WeGIA has a Reflected Cross-Site Scripting (XSS) vulnerability allowing arbitrary code execution and UI redressing. CWE-79 9.1 Critical2026-01-16
CVE-2026-23723 WeGIA has a Critical SQL Injection in Atendido_ocorrenciaControle via id_memorando parameter CWE-89 7.2 High2026-01-16
CVE-2025-67501 WeGIA is vulnerable to SQL Injection via editar_categoria endpoint parameter CWE-89 8.8AIHighAI2025-12-09
CVE-2025-67496 WeGia is Vulnerable to XSS through id_pessoa Parameter on Password Configuration Page CWE-79 4.3 Medium2025-12-09
CVE-2025-62598 WeGIA Vulnerable to Reflected Cross-Site Scripting via Endpoint 'pessoa/editar_info_pessoal.php' Parameter 'action' CWE-79 6.1AIMediumAI2025-10-21
CVE-2025-62597 WeGIA Vulnerable to Reflected Cross-Site Scripting via Endpoint 'pessoa/editar_info_pessoal.php' Parameter 'sql' CWE-79 6.1AIMediumAI2025-10-21
CVE-2025-62361 WeGIA Open Redirect Vulnerability in `control.php` endpoint `nextPage` parameter (metodo=listarTodos nomeClasse=AlmoxarifeControle) CWE-601 6.1AIMediumAI2025-10-13
CVE-2025-62360 WeGIA SQL Injection via 'id_dependente' param at endpoint `/html/funcionario/dependente_documento.php` CWE-89 8.8AIHighAI2025-10-13
CVE-2025-62359 WeGIA Cross-Site Scripting (XSS) Reflected endpoint id_pet CWE-79 6.1AIMediumAI2025-10-13
CVE-2025-62358 WeGIA Reflected XSS to Account TakeOver at /html/configuracao/configuracao_geral.php via log parameter CWE-79 5.4 Medium2025-10-13
CVE-2025-62179 WeGIA SQL Injection via 'cpf' param at endpoint `/html/funcionario/cadastro_funcionario_pessoa_existente.php` CWE-89 8.8AIHighAI2025-10-13
CVE-2025-62178 WeGIA Cross-Site Scripting (XSS) Reflected endpoint '/html/atendido/cadastro_atendido_parentesco_pessoa_nova.php' parameter 'idatendido' CWE-79 3.5 Low2025-10-13
CVE-2025-62177 WeGIA vulnerable to SQL Injection via 'id_funcionario' param at endpoint `/html/funcionario/dependente_listar.php` CWE-89 8.8AIHighAI2025-10-13
CVE-2025-61665 WeGIA: Broken Access Control in `get_relatorios_socios.php` Endpoint CWE-287 7.5 -2025-10-02
CVE-2025-61606 WeGIA: Open Redirect Vulnerability in `control.php` endpoint CWE-601 6.1 -2025-10-02
CVE-2025-61605 WeGIA: SQL Injection (Blind Time-Based) Vulnerability in /pet/profile_pet.php Endpoint CWE-89 9.8 -2025-10-02
CVE-2025-61604 WeGIA: Cross-Site Request Forgery (CSRF) Vulnerability in `control.php` Endpoint CWE-352 6.5 -2025-10-02
CVE-2025-61603 WeGIA: SQL Injection (Blind Time-Based) Vulnerability in API `descricao` Parameter CWE-89 9.8 -2025-10-02
CVE-2025-59939 WeGIA vulnerable to SQL Injection into method `excluir` of the `ProdutoControle` class in the parameter `id_produto`. CWE-89 8.8 High2025-09-27
CVE-2025-58745 WeGIA has a bypass for the fix for CVE-2025-22133 - Arbitrary File Upload leads to Remote Code Execution (RCE) CWE-94 10.0 Critical2025-09-08
CVE-2025-58454 WeGIA vulnerable to Blind Time-Based SQL Injection in endpoint 'listar_despachos.php' parameter 'id_memorando' CWE-89 6.5AIMediumAI2025-09-08
CVE-2025-58453 WeGIA vulnerable to Blind Time-Based SQL Injection in endpoint 'exibe_anexo.php' parameter 'id_anexo' CWE-89 6.5AIMediumAI2025-09-08
CVE-2025-58452 WeGIA vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint 'listar_despachos.php' parameter 'id_memorando' CWE-79 6.1AIMediumAI2025-09-08
CVE-2025-58159 WeGIA Authenticated Arbitrary File Upload Leading To Remote Code Execution (RCE) CWE-434 10.0 Critical2025-08-29
CVE-2025-57765 WeGIA Cross-Site Scripting (XSS) Reflected endpoint 'pre_cadastro_adotante.php' parameter 'msg_e' CWE-79 6.5 Medium2025-08-21
CVE-2025-57764 WeGIA Cross-Site Scripting (XSS) Reflected endpoint 'cargos.php' parameter 'msg_e' CWE-79 6.5 Medium2025-08-21
CVE-2025-57763 Cross-Site Scripting (XSS) Reflected in 'insere_despacho.php' parameter 'sccs' CWE-79 6.1AIMediumAI2025-08-21
CVE-2025-57762 WeGIA Stored Cross-Site Scripting (XSS) vulnerability in the endpoint 'dependente_docdependente.php' with parameter 'nome' CWE-79 5.4AIMediumAI2025-08-21

All 173 known CVE vulnerabilities affecting WeGIA with full Chinese analysis, references, and POCs where available.