wegia

179 tracked vulnerabilities.

CVE-2025-52474 CRITICAL
WeGIA < 3.4.2 - SQL Injection via id Parameter in control.php Endpoint
Jun 19, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-50201 CRITICAL
WeGIA < 3.4.2 - Unauthenticated OS Command Injection via Debug Info Branch Parameter
Jun 19, 2025
CVSS 9.8
EPSS 0.35
CVE-2025-46828 CRITICAL
WeGIA <= 3.3.0 - Unauthenticated SQL Injection via /html/socio/sistema/get_socios.php Query Parameter
May 07, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-30367 CRITICAL
WeGIA < 3.2.6 - SQL Injection via nextPage Parameter
Mar 27, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-30366 MEDIUM
WeGIA < 3.2.8 - Stored Cross-Site Scripting
Mar 27, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-30365 CRITICAL
WeGIA < 3.2.8 - SQL Injection via Query Parameter in /WeGIA/html/socio/sistema/controller/query_geracao_auto.php
Mar 27, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-30364 CRITICAL
WeGIA < 3.2.8 - SQL Injection via id_funcionario Parameter
Mar 27, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-30363 MEDIUM
WeGIA < 3.2.6 - Stored Cross-Site Scripting
Mar 27, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-30362 MEDIUM
WeGIA < 3.2.8 - Stored Cross-Site Scripting
Mar 27, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-30361 CRITICAL
WeGIA < 3.2.6 - Unauthenticated Password Change via control.php Endpoint
Mar 27, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-29782 MEDIUM
WeGIA < 3.2.17 - Stored Cross-Site Scripting via tipo Parameter in adicionar_tipo_docs_atendido.php
Mar 14, 2025
CVSS 5.4
EPSS 0.01
CVE-2025-27499 MEDIUM
WeGIA < 3.2.10 - Stored Cross-Site Scripting via socio_nome Parameter
Mar 03, 2025
CVSS 6.1
EPSS 0.01
CVE-2025-27420 MEDIUM
WeGIA < 3.2.16 - Stored Cross-Site Scripting via Descricao Parameter
Mar 03, 2025
CVSS 5.4
EPSS 0.01
CVE-2025-27419 HIGH
WeGIA < 3.2.16 - Unauthenticated Denial of Service via Aggressive Spidering
Mar 03, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-27418 MEDIUM
WeGIA < 3.2.16 - Stored Cross-Site Scripting via adicionar_tipo_atendido.php tipo Parameter
Mar 03, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-27417 MEDIUM
WeGIA < 3.2.16 - Stored Cross-Site Scripting via adicionar_status_atendido.php Status Parameter
Mar 03, 2025
CVSS 6.1
EPSS 0.01
CVE-2025-27140 CRITICAL
WeGIA < 3.2.15 - OS Command Injection via importar_dump.php Endpoint
Feb 24, 2025
CVSS 9.8
EPSS 0.02
CVE-2025-27133 HIGH
WeGIA < 3.2.15 - Authenticated SQL Injection via adicionar_tipo_exame.php Endpoint
Feb 24, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-27096 CRITICAL
WeGIA < 3.2.14 - Authenticated SQL Injection via personalizacao_upload.php Endpoint
Feb 20, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-26617 CRITICAL
WeGIA < 3.2.14 - SQL Injection via historico_paciente.php Endpoint
Feb 18, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-26616 HIGH
WeGIA < 3.2.14 - Path Traversal via exportar_dump.php Endpoint
Feb 18, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-26615 CRITICAL
WeGIA < 3.2.14 - Path Traversal via examples.php Endpoint
Feb 18, 2025
CVSS 10.0
EPSS 0.00
CVE-2025-26614 HIGH
WeGIA < 3.2.14 - Authenticated SQL Injection via deletar_documento.php Endpoint
Feb 18, 2025
CVSS 8.8
EPSS 0.01
CVE-2025-26613 CRITICAL
WeGIA < 3.2.14 - OS Command Injection via gerenciar_backup.php Endpoint
Feb 18, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-26612 CRITICAL
WeGIA < 3.2.13 - SQL Injection via adicionar_almoxarife.php Endpoint
Feb 18, 2025
CVSS 9.8
EPSS 0.01
Products
wegia 179
Quick Filters
Critical CVEs With Exploits In CISA KEV