Labredescefetrj · Wegia · CVE-2026-31895
**Name of the Vulnerable Software and Affected Versions**
WeGIA versions prior to 3.6.6
**Description**
WeGIA is a web manager for charitable institutions. Versions of the software prior to 3.6.6 contain a SQL injection issue in the ‘html/matPat/restaurar produto.php’ file. The `id produto` parameter, received via the GET request, is directly used in SQL queries without proper sanitization or parameterization. This allows for potential manipulation of database queries.
**Recommendations**
Update to version 3.6.6 or later.