Ducluongtran9121

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.11 Description: WeGIA is a Web manager for charitable institutions. An arbitrary file upload issue exists due to insufficient file type validation. The application only checks MIME types for Excel files at the `/html/socio/sistema/controller/controla xlsx.php` endpoint, which can be bypassed by utilizing magic bytes of Excel files within a PHP file. This allows an attacker to upload a webshell to the server, leading to remote code execution. Recommendations: Upgrade to version 3.4.11 or later.

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.10 Description: WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability exists in the `/html/funcionario/dependente remover.php` endpoint, specifically in the `id funcionario` parameter. This allows attackers to execute arbitrary SQL commands, potentially compromising the confidentiality, integrity, and availability of the database. Recommendations: Update WeGIA to version 3.4.10 or later.

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.8 Description: WeGIA is an open-source web manager designed for the Portuguese language and charitable institutions. A SQL Injection vulnerability exists in the `/html/funcionario/dependente remover.php` API endpoint, specifically affecting the `id dependente` parameter. Successful exploitation allows attackers to execute arbitrary SQL commands, potentially compromising the confidentiality, integrity, and availability of the database. Recommendations: Update WeGIA to version 3.4.8 or later.

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.8 Description: WeGIA is an open source web manager focused on the Portuguese language and charitable institutions. A SQL Injection vulnerability exists in the `/html/saude/aplicar medicamento.php` API endpoint, specifically in the `id fichamedica` parameter. This allows attackers to execute arbitrary SQL commands, potentially compromising the confidentiality, integrity, and availability of the database. Recommendations: Update to version 3.4.8 or later.

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.8 Description: WeGIA is a web manager focused on the Portuguese language and charitable institutions. A path traversal vulnerability exists in the `html/socio/sistema/download remessa.php` endpoint. This could allow an attacker to gain unauthorized access to local files on the server and sensitive information stored in `config.php`, which contains information that could allow direct access to the database. Recommendations: Update to version 3.4.8 or later.

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.8 Description: WeGIA is a web manager with a focus on the Portuguese language and charitable institutions. A reflected cross-site scripting (XSS) vulnerability exists in the `/html/alterar senha.php` API endpoint. Attackers can inject malicious scripts through the `verificacao` and `redir config` parameters. Recommendations: Update to version 3.4.8 or later.