VYPR
Vendor

LabRedesCefetRJ

Products: 1
CVEs: 166
Across products: 166
Status: Private

Recent CVEs
  • CVE-2026-40285 · High · Apr 17, 2026
    risk 0.50 · cvss 8.8 · epss 0.00

    WeGIA is a web manager for charitable institutions. Versions prior to 3.6.10 contain a SQL injection vulnerability in dao/memorando/UsuarioDAO.php. The cpf_usuario POST parameter overwrites the session-stored user identity via extract($_REQUEST) in…

  • CVE-2026-33991 · High · Mar 27, 2026
    risk 0.50 · cvss 8.8 · epss 0.00

    WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file `html/socio/sistema/deletar_tag.php` uses `extract($_REQUEST)` on line 14 and directly concatenates the `$id_tag` variable into SQL queries on lines 16-17 without prepared statements or…

  • CVE-2026-40286 · High · Apr 17, 2026
    risk 0.42 · cvss 7.5 · epss 0.00

    WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the 'Member Registration' (Cadastrar Sócio) function. By injecting a payload into the 'Member Name' (Nome Sócio) field, the…

  • CVE-2026-42871 · Medium · May 11, 2026
    risk 0.38 · cvss n/a · epss 0.00

    WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, atendido/familiar_docfamiliar.php displays an overly descriptive error message, including database-related details. This verbosity leads to information disclosure, which could assist a potential…

  • CVE-2026-45026 · Medium · May 11, 2026
    risk 0.37 · cvss 6.8 · epss 0.00

    WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, a Stored Cross-Site Scripting (XSS) vulnerability allows an authenticated user to inject malicious JavaScript into the Processo de Aceitação (html/atendido/processo_aceitacao.php) page, which is…

  • CVE-2026-45025 · Medium · May 11, 2026
    risk 0.37 · cvss 6.8 · epss 0.00

    WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, a Stored Cross-Site Scripting (XSS) vulnerability allows an authenticated user to inject malicious JavaScript into the "Etapas de um Processo" (html/atendido/etapa_processo.php) page, which is…

  • CVE-2026-40284 · Medium · Apr 17, 2026
    risk 0.37 · cvss 6.8 · epss 0.00

    WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting (XSS) vulnerability allows an authenticated user to inject malicious JavaScript via the "Destinatário" field. The payload is stored and later executed when viewing the…

  • CVE-2026-42870 · Medium · May 11, 2026
    risk 0.35 · cvss n/a · epss 0.00

    WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a Stored Cross-Site Scripting (XSS) flaw was identified at the following endpoint: funcionario/profile_funcionario.php?id_funcionario=2. By injecting a malicious payload into the 'Description'…

  • CVE-2026-42872 · Medium · May 11, 2026
    risk 0.33 · cvss 6.1 · epss 0.00

    WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a reflected Cross-Site Scripting (XSS) vulnerability exists in lista_arquivos_etapa.php due to improper handling of user-supplied input. The id_processo parameter is directly embedded into the HTML…

  • CVE-2026-35399 · Medium · Apr 6, 2026
    risk 0.33 · cvss 6.1 · epss 0.00

    WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, a stored XSS vulnerability allows an attacker to inject malicious scripts through a backup filename. This could lead to unauthorized execution of malicious code in the victim's browser, compromising session data…

  • CVE-2026-45335 · Medium · May 27, 2026
    risk 0.28 · cvss 5.4 · epss 0.00

    WeGIA is a web manager for charitable institutions. Prior to 3.7.3, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and…

  • CVE-2025-6699 · Low · Jun 26, 2025
    risk 0.23 · cvss 3.5 · epss 0.00

    A vulnerability classified as problematic has been found in LabRedesCefetRJ WeGIA 3.4.0. This affects an unknown part of the file /html/funcionario/cadastro_funcionario.php of the component Cadastro de Funcionário. The manipulation of the argument Nome/Sobrenome leads to cross…

  • CVE-2025-6698 · Low · Jun 26, 2025
    risk 0.23 · cvss 3.5 · epss 0.00

    A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /html/matPat/adicionar_tipoSaida.php of the component Adicionar tipo. The manipulation of the argument Insira o novo tipo…

  • CVE-2025-6697 · Low · Jun 26, 2025
    risk 0.23 · cvss 3.5 · epss 0.00

    A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /html/matPat/adicionar_tipoEntrada.php of the component Adicionar tipo. The manipulation of the argument Insira o…

  • CVE-2025-6696 · Low · Jun 26, 2025
    risk 0.23 · cvss 3.5 · epss 0.00

    A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It has been classified as problematic. Affected is an unknown function of the file /html/atendido/Cadastro_Atendido.php of the component Cadastro de Atendio. The manipulation of the argument Nome/Sobrenome leads to cross…

  • CVE-2025-6695 · Low · Jun 26, 2025
    risk 0.23 · cvss 3.5 · epss 0.00

    A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0 and classified as problematic. This issue affects some unknown processing of the file /html/matPat/adicionar_categoria.php of the component Additional Categoria. The manipulation of the argument Insira a nova categoria…

  • CVE-2025-6694 · Low · Jun 26, 2025
    risk 0.23 · cvss 3.5 · epss 0.00

    A vulnerability has been found in LabRedesCefetRJ WeGIA 3.4.0 and classified as problematic. This vulnerability affects unknown code of the file /html/matPat/adicionar_unidade.php of the component Adicionar Unidade. The manipulation of the argument Insira a nova unidade leads to…

  • CVE-2026-42873 · None · May 11, 2026
    risk 0.00 · cvss 0.0 · epss 0.00

    WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, when attempting to upload a file with malicious content to funcionario/docdependente_upload.php, the application responds with an overly descriptive error message. This leads to information…

  • CVE-2026-33136 · Mar 20, 2026
    risk 0.00 · cvss n/a · epss 0.00

    WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability in the listar_memorandos_ativos.php endpoint. An attacker can inject arbitrary JavaScript or HTML tags into the sccd GET parameter, which is…

  • CVE-2026-33135 · Mar 20, 2026
    risk 0.00 · cvss n/a · epss 0.00

    WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability in the novo_memorandoo.php endpoint. An attacker can inject arbitrary JavaScript into the sccs GET parameter, which is directly echoed into the…
