CVE-2026-33133

Name of the Vulnerable Software and Affected Versions WeGIA versions 3.6.5 through 3.6.6

Description WeGIA is a web manager for charitable institutions. The loadBackupDB() function imports SQL files from uploaded backup archives without content validation. An attacker can create a backup archive containing arbitrary SQL statements to create rogue administrator accounts, modify existing passwords, or execute any database operation. This issue was introduced in commit 370104c.

Recommendations Update to version 3.6.7 or later.