wegia

179 tracked vulnerabilities.

CVE-2025-58452 MEDIUM
WeGIA < 3.4.11 - Reflected Cross-Site Scripting via id_memorando Parameter
Sep 08, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-58159 CRITICAL
WeGIA < 3.4.11 - Remote Code Execution via Unrestricted PHP File Upload
Aug 29, 2025
CVSS 9.9
EPSS 0.01
CVE-2025-57765 MEDIUM
WeGIA < 3.4.7 - Reflected Cross-Site Scripting via msg_e Parameter
Aug 21, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-57764 MEDIUM
WeGIA < 3.4.7 - Reflected Cross-Site Scripting via cargos.php msg_e Parameter
Aug 21, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-57763 MEDIUM
WeGIA < 3.4.7 - Reflected Cross-Site Scripting via insere_despacho.php CPF Parameter
Aug 21, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-57762 MEDIUM
WeGIA < 3.4.7 - Stored Cross-Site Scripting via dependente_docdependente.php Nome Parameter
Aug 21, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-57761 HIGH
WeGIA < 3.4.10 - SQL Injection via id_funcionario Parameter
Aug 21, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-55171 HIGH
WeGIA < 3.4.8 - Unauthenticated Arbitrary File Deletion via /html/personalizacao_remover.php
Aug 12, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-55170 MEDIUM
WeGIA < 3.4.8 - Reflected Cross-Site Scripting via verificacao and redir_config Parameters
Aug 12, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-55169 MEDIUM NUCLEI
WeGIA < 3.4.8 - Path Traversal via Download Remessa Endpoint
Aug 12, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-55168 CRITICAL
WeGIA < 3.4.8 - SQL Injection via id_fichamedica Parameter
Aug 12, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-55167 CRITICAL
WeGIA < 3.4.8 - SQL Injection via id_dependente Parameter
Aug 12, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-54079 HIGH
WeGIA < 3.4.6 - Authenticated SQL Injection via idatendido Parameter
Jul 18, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-54078 MEDIUM
WeGIA < 3.4.6 - Reflected Cross-Site Scripting via personalizacao_imagem.php err Parameter
Jul 18, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-54077 MEDIUM
WeGIA < 3.4.6 - Reflected Cross-Site Scripting via personalizacao.php err Parameter
Jul 18, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-54076 MEDIUM
WeGIA < 3.4.6 - Reflected Cross-Site Scripting via pre_cadastro_atendido.php msg_e Parameter
Jul 18, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-54062 HIGH
WeGIA < 3.4.6 - SQL Injection via id_dependente Parameter
Jul 17, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-54061 HIGH
WeGIA < 3.4.6 - SQL Injection via idatendido_familiares Parameter
Jul 17, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-54060 HIGH
WeGIA < 3.4.6 - SQL Injection via idatendido_familiares Parameter
Jul 17, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-54058 HIGH
WeGIA < 3.4.6 - SQL Injection via idatendido_familiares Parameter
Jul 17, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-53946 HIGH
WeGIA < 3.4.5 - SQL Injection via id_funcionario Parameter
Jul 17, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-53938 HIGH
WeGIA < 3.4.5 - Unauthenticated Authentication Bypass via /dao/verificar_recursos_cargo.php Endpoint
Jul 16, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-53937 CRITICAL
WeGIA < 3.4.5 - SQL Injection via controle/control.php cargo Parameter
Jul 16, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-53936 MEDIUM
WeGIA < 3.4.5 - Reflected Cross-Site Scripting via personalizacao_selecao.php nome_car Parameter
Jul 16, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-53935 MEDIUM
WeGIA < 3.4.5 - Reflected Cross-Site Scripting via personalizacao_selecao.php id Parameter
Jul 16, 2025
CVSS 6.1
EPSS 0.00
Products
wegia 179
Quick Filters
Critical CVEs With Exploits In CISA KEV