Vinicastro2001

**Name of the Vulnerable Software and Affected Versions** WeGIA versions prior to 3.6.2 **Description** WeGIA is a web manager for charitable institutions. A SQL Injection issue exists that allows for full database exfiltration, exposure of sensitive PII, and potential arbitrary file reads in misconfigured environments. The issue is present in the `Atendido ocorrenciaControle` API endpoint through the `id memorando` parameter and requires authentication. **Recommendations** Update to version 3.6.2 or later.