WeGIA — Vulnerabilities & Security Advisories 173

All 173 CVE vulnerabilities found in WeGIA, with AI-generated Chinese analysis, references, and POCs.

Vendor: nilsonLazarin

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-57761 | WeGIA SQL Injection vulnerability via 'id_funcionario' param at endpoint `/html/funcionario/dependente_remover.php` | CWE-89 | 9.8 (AI) | Critical (AI) | 2025-08-21 |
| CVE-2025-55171 | WeGIA Anonymous Attacker can Delete Arbitrary Image file at endpoint `/html/personalizacao_remover.php` | CWE-287 | 7.5 | High | 2025-08-12 |
| CVE-2025-55170 | WeGIA reflected XSS via `verificacao` and `redir_config` param at endpoint `/html/alterar_senha.php` | CWE-79 | 6.5 | Medium | 2025-08-12 |
| CVE-2025-55169 | WeGIA Path Traversal at endpoint 'html/socio/sistema/download_remessa.php' via parameter 'file' | CWE-287 | 7.5 (AI) | High (AI) | 2025-08-12 |
| CVE-2025-55168 | WeGIA SQL Injection via id_fichamedica at endpoint `GET /html/saude/aplicar_medicamento.php` | CWE-89 | 9.8 (AI) | Critical (AI) | 2025-08-12 |
| CVE-2025-55167 | WeGIA SQL Injection via id_fichamedica at endpoint `GET /html/funcionario/dependente_remover.php` | CWE-89 | 9.8 (AI) | Critical (AI) | 2025-08-12 |
| CVE-2025-54079 | WeGIA vulnerable to SQL Injection (Blind Time-Based) in endpoint 'Profile_Atendido.php' parameter 'idatendido' | CWE-89 | 6.5 | - | 2025-07-18 |
| CVE-2025-54078 | WeGIA Reflected Cross-Site Scripting (XSS) vulnerability in endpoint 'personalizacao_imagem.php' parameter 'err' | CWE-79 | 6.5 | Medium | 2025-07-18 |
| CVE-2025-54077 | WeGIA Reflected Cross-Site Scripting (XSS) vulnerability in endpoint 'personalizacao.php' parameter 'err' | CWE-79 | 6.5 | Medium | 2025-07-18 |
| CVE-2025-54076 | WeGIA Reflected Cross-Site Scripting (XSS) vulnerability in endpoint 'pre_cadastro_atendido.php' parameter 'msg_e' | CWE-79 | 6.5 | Medium | 2025-07-18 |
| CVE-2025-54062 | WeGIA SQL Injection (Blind Time-Based) Vulnerability in id_dependente Parameter on profile_dependente.php Endpoint | CWE-89 | 9.8 (AI) | Critical (AI) | 2025-07-17 |
| CVE-2025-54061 | WeGIA SQL Injection (Blind Time-Based) Vulnerability in idatendido_familiares Parameter on dependente_editarDoc.php Endpoint | CWE-89 | 8.1 (AI) | High (AI) | 2025-07-17 |
| CVE-2025-54060 | WeGIA SQL Injection (Blind Time-Based) Vulnerability in idatendido_familiares Parameter on dependente_editarInfoPessoal.php Endpoint | CWE-89 | 8.1 (AI) | High (AI) | 2025-07-17 |
| CVE-2025-54058 | WeGIA SQL Injection (Blind Time-Based) Vulnerability in idatendido_familiares Parameter on dependente_editarEndereco.php Endpoint | CWE-89 | 8.1 (AI) | High (AI) | 2025-07-17 |
| CVE-2025-53946 | WeGIA vulnerable to SQL Injection in endpoint profile_paciente.php parameter id_fichamedica | CWE-89 | 9.1 (AI) | Critical (AI) | 2025-07-17 |
| CVE-2025-53938 | WeGIA vulnerable to Authentication Bypass due to Missing Session Validation in multiple endpoints | CWE-306 | 9.1 (AI) | Critical (AI) | 2025-07-16 |
| CVE-2025-53937 | WeGIA has SQL Injection (Blind Time-Based) Vulnerability in `cargo` Parameter on `control.php` Endpoint | CWE-89 | 8.8 (AI) | High (AI) | 2025-07-16 |
| CVE-2025-53936 | WeGIA vulnerable to Reflected Cross-Site Scripting via endpoint `personalizacao_selecao.php` parameter `nome_car` | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-07-16 |
| CVE-2025-53935 | WeGIA vulnerable to Reflected Cross-Site Scripting via endpoint `personalizacao_selecao.php` parameter `id` | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-07-16 |
| CVE-2025-53934 | WeGIA vulnerable to Stored Cross-Site Scripting via endpoint 'control.php' parameter 'descricao_emergencia' | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-07-16 |
| CVE-2025-53933 | WeGIA vulnerable to Stored Cross-Site Scripting via endpoint 'adicionar_enfermidade.php' parameter 'nome' | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-07-16 |
| CVE-2025-53932 | WeGIA vulnerable to Reflected Cross-Site Scripting via endpoint 'cadastro_adotante.php' parameter 'cpf' | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-07-16 |
| CVE-2025-53931 | WeGIA vulnerable to Stored Cross-Site Scripting via endpoint `adicionar_raca.php` parameter `raca` | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-07-16 |
| CVE-2025-53930 | WeGIA vulnerable to Stored Cross-Site Scripting (XSS) via endpoint 'adicionar_especie.php' parameter 'especie' | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-07-16 |
| CVE-2025-53929 | WeGIA vulnerable to Stored Cross-Site Scripting (XSS) via endpoint `adicionar_cor.php` parameter `cor` | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-07-16 |
| CVE-2025-53824 | WeGIA Reflected Cross-Site Scripting (XSS) vulnerability in endpoint 'cadastro_pet.php' parameter 'msg' | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-07-14 |
| CVE-2025-53823 | WeGIA vulnerable to SQL Injection (Blind Time-Based) in `processa_deletar_socio.php` parameter `id_socio` | CWE-89 | 9.8 (AI) | Critical (AI) | 2025-07-14 |
| CVE-2025-53822 | WeGIA vulnerable to Reflected Cross-Site Scripting in endpoint 'relatorio_geracao.php' parameter 'tipo_relatorio' | CWE-79 | 6.5 | Medium | 2025-07-14 |
| CVE-2025-53821 | WeGIA vulnerable to Open Redirect in endpoint 'control.php' parameter 'nextPage' | CWE-601 | 4.7 | Medium | 2025-07-14 |
| CVE-2025-53820 | WeGIA vulnerable to Cross-Site Scripting (XSS) Reflected via endpoint 'index.php' parameter 'erro' | CWE-79 | 6.5 | Medium | 2025-07-14 |
