Nilson Lazarin

**Name of the Vulnerable Software and Affected Versions** WeGIA versions prior to 3.6.6 **Description** WeGIA is a web manager for charitable institutions. Versions of the software prior to 3.6.6 contain a SQL injection issue in the ‘html/matPat/restaurar produto.php’ file. The `id produto` parameter, received via the GET request, is directly used in SQL queries without proper sanitization or parameterization. This allows for potential manipulation of database queries. **Recommendations** Update to version 3.6.6 or later.