WeGIA — Vulnerabilities & Security Advisories 173

All 173 CVE vulnerabilities found in WeGIA, with AI-generated Chinese analysis, references, and POCs.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-27140	WeGIA vulnerable to OS Command Injection at endpoint 'importar_dump.php' parameter 'import' (RCE) CWE-78	9.8	-	2025-02-24
CVE-2025-27133	WeGIA has SQL Injection endpoint at 'dao/pet/adicionar_tipo_exame.php' parameter 'tipo_exame' CWE-89	6.5	-	2025-02-24
CVE-2025-27096	SQL Injection endpoint 'html/personalizacao_upload.php' parameter 'id_campo' in WeGIA CWE-89	6.5	-	2025-02-20
CVE-2025-26605	SQL Injection endpoint 'deletar_cargo.php' parameter 'id_cargo' in WeGIA CWE-89	6.5	-	2025-02-18
CVE-2025-26606	SQL Injection endpoint 'informacao_adicional.php' parameter 'id_descricao' in WeGIA CWE-89	6.5	-	2025-02-18
CVE-2025-26607	SQL Injection endpoint 'documento_excluir.php' parameter 'id_funcionario' in WeGIA CWE-89	6.5	-	2025-02-18
CVE-2025-26608	SQL Injection endpoint 'dependente_docdependente.php' parameter 'id_dependente', 'id_doc' in WeGIA CWE-89	6.5	-	2025-02-18
CVE-2025-26609	SQL Injection endpoint 'familiar_docfamiliar.php' parameter 'id_dependente', 'id_doc' in WeGIA CWE-89	6.5	-	2025-02-18
CVE-2025-26610	SQL Injection endpoint 'restaurar_produto_desocultar.php' parameter 'id_produto' in WeGIA CWE-89	6.5	-	2025-02-18
CVE-2025-26611	SQL Injection endpoint 'remover_produto.php' parameter 'id_produto' in WeGIA CWE-89	6.5	-	2025-02-18
CVE-2025-26612	SQL Injection endpoint 'adicionar_almoxarife.php' parameter 'id_almoxarifado', 'id_funcionario' in WeGIA CWE-89	6.5	-	2025-02-18
CVE-2025-26613	OS Command Injection endpoint 'gerenciar_backup.php' parameter 'file' (RCE) in WeGIA CWE-78	8.8	-	2025-02-18
CVE-2025-26614	SQL Injection endpoint 'deletar_documento.php' parameter 'id_cargo' in WeGIA CWE-89	6.5	-	2025-02-18
CVE-2025-26615	Path Traversal endpoint 'examples.php' parameter 'src' in WeGIA CWE-22	10.0	Critical	2025-02-18
CVE-2025-26616	Path Traversal endpoint 'exportar_dump.php' parameter 'file' in WeGIA CWE-22	6.5	-	2025-02-18
CVE-2025-26617	SQL Injection endpoint 'historico_paciente.php' parameter 'id_fichamedica' in WeGIA CWE-89	6.5	-	2025-02-18
CVE-2025-24901	SQL Injection endpoint 'deletar_permissao.php' parameter 'c', 'a', 'r' in WeGIA CWE-89	8.8	-	2025-02-03
CVE-2025-24902	SQL Injection endpoint 'salvar_cargo.php' parameter 'id_cargo' in WeGIA CWE-89	8.8	-	2025-02-03
CVE-2025-24905	SQL Injection endpoint 'get_codigobarras_cobranca.php' parameter 'codigo' in WeGIA CWE-89	8.8	-	2025-02-03
CVE-2025-24906	SQL Injection endpoint 'get_detalhes_cobranca.php' parameter 'codigo' in WeGIA CWE-89	8.8	-	2025-02-03
CVE-2025-24957	SQL Injection endpoint 'get_detalhes_socio.php' parameter 'id_socio' in WeGIA CWE-89	8.8	-	2025-02-03
CVE-2025-24958	SQL Injection endpoint 'salvar_tag.php' parameter 'id_tag' in WeGIA CWE-89	8.8	-	2025-02-03
CVE-2025-24020	WeGIA Open Redirect vulnerability CWE-601	6.1	-	2025-01-21
CVE-2025-23220	WeGIA has a SQL Injection endpoint 'adicionar_raca.php' parameter 'raca' CWE-89	9.1	-	2025-01-20
CVE-2025-23219	WeGIA has a SQL Injection endpoint 'adicionar_cor.php' parameter 'cor' CWE-89	9.1	-	2025-01-20
CVE-2025-23218	WeGIA has a SQL Injection endpoint 'adicionar_especie.php' parameter 'especie' CWE-89	7.5	-	2025-01-20
CVE-2025-23038	Cross-Site Scripting (XSS) Stored endpoint 'remuneracao.php ' parameter 'descricao' in WeGIA CWE-79	5.4	-	2025-01-13
CVE-2025-23030	Cross-Site Scripting (XSS) Reflected endpoint 'cadastro_funcionario.php' parameter 'cpf' in WeGIA CWE-79	6.1	-	2025-01-13
CVE-2025-23031	Cross-Site Scripting (XSS) Stored endpoint 'adicionar_alergia.php' parameter 'nome' in WeGIA CWE-79	5.4	-	2025-01-13
CVE-2025-23032	Cross-Site Scripting (XSS) Stored endpoint 'adicionar_escala.php' parameter 'escala' in WeGIA CWE-79	5.4	-	2025-01-13

All 173 known CVE vulnerabilities affecting WeGIA with full Chinese analysis, references, and POCs where available.

Goal Reached Thanks to every supporter — we hit 100%!

WeGIA — Vulnerabilities & Security Advisories 173