PT-2026-26605 · Wegia · Wegia
Bao190505 · Published 2026-03-20 · Updated 2026-03-22 · CVE-2026-33134
CVSS v3.1: 9.3 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions: WeGIA versions 3.6.5 and below
Description: WeGIA is a web manager for charitable institutions. An authenticated SQL injection issue exists in the /html/matPat/restaurar_produto.php API endpoint. An attacker with valid credentials can inject arbitrary SQL commands through the id_produto GET parameter, potentially leading to complete database compromise. The application reads the id_produto parameter directly from the $_GET superglobal and concatenates it into the SQL query string without sanitization or the use of parameterized statements. Note that the CVSS vector above scores PR:N (no privileges required) while the description states that valid credentials are needed; treat the score as an upper bound and confirm the authentication requirement against your deployment.
Recommendations: Versions prior to 3.6.6 should be updated to version 3.6.6 or later.
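The following script is an added illustration, not code from WeGIA or from this advisory. It models the pattern the description identifies (a GET parameter spliced into an UPDATE string) next to a version that validates the value and binds it as a query parameter, and shows that a boolean-tautology payload restores every row against the first and is rejected by the second. The table and column names (produto, id_produto, removido), the sample rows and the payload are constructed for the example and are not taken from the WeGIA schema; sqlite3 stands in for the real database.

```python
import re
import sqlite3

# Constructed sample data for the example; not WeGIA's schema or data.
SAMPLE_PRODUTOS = [(1, "luvas", 1), (2, "mascaras", 1), (3, "alcool", 1)]


def make_db():
    """Create an in-memory table where removido=1 marks a soft-deleted product."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE produto (id_produto INTEGER PRIMARY KEY, nome TEXT, removido INTEGER)"
    )
    conn.executemany("INSERT INTO produto VALUES (?, ?, ?)", SAMPLE_PRODUTOS)
    conn.commit()
    return conn


def restaurar_vulneravel(conn, id_produto):
    """Mirrors the flaw in the description: the raw GET value becomes part of the SQL text.

    Returns the number of rows the UPDATE touched.
    """
    sql = "UPDATE produto SET removido = 0 WHERE id_produto = " + id_produto
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount


def restaurar_seguro(conn, id_produto):
    """Hardened form: reject anything that is not a decimal integer, then bind the value.

    Returns the number of rows updated, or None when the input is rejected
    (a real endpoint would answer HTTP 400 here).
    """
    if not re.fullmatch(r"[0-9]+", id_produto):
        return None
    cur = conn.execute(
        "UPDATE produto SET removido = 0 WHERE id_produto = ?", (int(id_produto),)
    )
    conn.commit()
    return cur.rowcount


def restaurados(conn):
    """IDs of products currently marked as restored (removido = 0)."""
    rows = conn.execute(
        "SELECT id_produto FROM produto WHERE removido = 0 ORDER BY id_produto"
    )
    return [r[0] for r in rows]


if __name__ == "__main__":
    payload = "1 OR 1=1"  # constructed tautology payload for the GET parameter

    vuln = make_db()
    print("vulnerable, rows updated:", restaurar_vulneravel(vuln, payload))
    print("vulnerable, restored ids:", restaurados(vuln))

    safe = make_db()
    print("hardened, payload result:", restaurar_seguro(safe, payload))
    print("hardened, legitimate id 2:", restaurar_seguro(safe, "2"))
    print("hardened, restored ids:", restaurados(safe))
```

The payload never reaches the SQL parser as code in the hardened version: the regular expression rejects it before any query is built, and a value that does pass is bound as a typed parameter rather than interpolated. The same two steps apply in PHP, where the equivalent of the bind is a prepared statement with mysqli_stmt::bind_param('i', ...) or a PDO placeholder.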

Weakness Enumeration: SQL injection
Related Identifiers: CVE-2026-33134, GHSA-QG95-X997-66WQ
Affected Products: Wegia