PT-2026-24797 · Labredescefetrj+2 · Wegia

Nilson Lazarin · Published 2026-03-11 · Updated 2026-03-11 · CVE-2026-31895

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

WeGIA versions prior to 3.6.6

Description

WeGIA is a web manager for charitable institutions. Versions of the software prior to 3.6.6 contain a SQL injection issue in the ‘html/matPat/restaurar_produto.php’ file. The id_produto parameter, received via the GET request, is directly used in SQL queries without proper sanitization or parameterization. This allows for potential manipulation of database queries.

Recommendations

Update to version 3.6.6 or later.
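
The flaw class described above, next to its parameterized form, as an added example that is not WeGIA's code or the project's patch. The `produto` table, the `oculto` column, the UPDATE statement and the function names are hypothetical, and PDO with in-memory SQLite (the `pdo_sqlite` extension) is assumed so that it runs offline.

```php
<?php
declare(strict_types=1);
// Constructed stand-in schema and query; not WeGIA's actual code.

function demoDb(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE produto (id_produto INTEGER PRIMARY KEY, oculto INTEGER)');
    $pdo->exec('INSERT INTO produto VALUES (1, 1), (2, 1), (3, 1)');
    return $pdo;
}

// Pattern the advisory describes: the request value is concatenated into the SQL text,
// so anything after the number is parsed as SQL.
function restoreUnsafe(PDO $pdo, string $idProduto): int {
    return (int) $pdo->exec("UPDATE produto SET oculto = 0 WHERE id_produto = $idProduto");
}

// Hardened form: strict integer validation, then a bound parameter.
// The SQL text is fixed; the value can never change the statement's structure.
function restoreSafe(PDO $pdo, string $idProduto): int {
    $id = filter_var($idProduto, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id_produto must be a positive integer');
    }
    $stmt = $pdo->prepare('UPDATE produto SET oculto = 0 WHERE id_produto = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed value standing in for $_GET['id_produto'].
$input = '1 OR 1=1';

// The concatenated query touches every row instead of one.
echo 'unsafe, rows changed: ', restoreUnsafe(demoDb(), $input), PHP_EOL;

// The hardened function refuses the same value before any SQL runs.
try {
    restoreSafe(demoDb(), $input);
} catch (InvalidArgumentException $e) {
    echo 'safe, rejected: ', $e->getMessage(), PHP_EOL;
}

// A well-formed id changes exactly the row it names.
echo 'safe, rows changed for "2": ', restoreSafe(demoDb(), '2'), PHP_EOL;
```

When auditing a pre-3.6.6 deployment, the same contrast gives a quick review heuristic: any query string built with a request value interpolated into it is a candidate, while `prepare()` with bound values is not.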

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2026-31895
GHSA-M39R-P62F-VMQM

Affected Products

Wegia