Bao190505

**Name of the Vulnerable Software and Affected Versions** WeGIA versions 3.6.5 and below **Description** WeGIA is a web manager for charitable institutions. An authenticated SQL Injection issue exists in the `/html/matPat/restaurar produto.php` API endpoint. An attacker with valid credentials can inject arbitrary SQL commands through the `id produto` GET parameter, potentially leading to complete database compromise. The application directly retrieves the `id produto` parameter from the `$ GET` global array and incorporates it into SQL query strings without proper sanitization or the use of parameterized statements. **Recommendations** Versions prior to 3.6.6 should be updated to version 3.6.6 or later.

**Name of the Vulnerable Software and Affected Versions** WeGIA versions 3.6.6 and below **Description** WeGIA is a web manager for charitable institutions. The software is affected by a Reflected Cross-Site Scripting (XSS) issue in the `/novo memorandoo.php` endpoint. An attacker can inject arbitrary JavaScript into the `sccs` GET parameter, which is directly echoed into the HTML response without sanitization or encoding. The `/html/memorando/novo memorandoo.php` script reads HTTP GET parameters to display dynamic success messages to the user. Specifically, around line 273, the code checks if `$ GET['msg']` equals 'success'. If true, it concatenates `$ GET['sccs']` into an HTML alert <div> and outputs it to the browser. **Recommendations** Versions 3.6.6 and below should be updated to version 3.6.7 or later.

**Name of the Vulnerable Software and Affected Versions** WeGIA versions 3.6.6 and below **Description** WeGIA is a web manager for charitable institutions. The application contains a Reflected Cross-Site Scripting (XSS) issue in the `/html/memorando/listar memorandos ativos.php` endpoint. An attacker can inject arbitrary JavaScript or HTML tags into the `sccd` GET parameter. This parameter is then directly echoed into the HTML response without proper sanitization or encoding. The script handles dynamic success messages to users using query string parameters, specifically checking if `$ GET['msg']` equals 'success'. If true, it concatenates and reflects `$ GET['sccd']` into an HTML alert <div>. **Recommendations** Versions prior to 3.6.7 should be updated to version 3.6.7 or later.