PT-2026-28585 · Wegia · Wegia

Ormzro · Published 2026-03-27 · Updated 2026-03-28 · CVE-2026-33991

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
WeGIA versions prior to 3.6.7

Description
WeGIA is a web manager for charitable institutions. Versions prior to 3.6.7 contain a flaw in the html/socio/sistema/deletar_tag.php file. This file calls extract($_REQUEST) on line 14, and the $id_tag variable is concatenated directly into SQL queries on lines 16-17 without prepared statements or sanitization. This can lead to SQL injection.

Recommendations
Update to WeGIA version 3.6.7 or later.
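
The pattern named in the description, next to a hardened form, as an added example that is not WeGIA's own code. The table socio_tag, its columns, the function names and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Constructed illustration; table, column and function names are hypothetical.

// Pattern from the description: every request parameter becomes a local
// variable, then $id_tag is spliced into the SQL text.
function delete_tag_vulnerable(PDO $pdo, array $request): int
{
    // extract() lets the request define or overwrite any local variable,
    // including $pdo itself, not only $id_tag.
    extract($request);
    return $pdo->exec("DELETE FROM socio_tag WHERE id_tag = $id_tag");
}

// Hardened form: read one named parameter, validate its type, bind it.
function delete_tag_hardened(PDO $pdo, array $request): int
{
    $id = filter_var($request['id_tag'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id_tag must be a positive integer');
    }
    $stmt = $pdo->prepare('DELETE FROM socio_tag WHERE id_tag = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed test data in an in-memory database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE socio_tag (id_tag INTEGER PRIMARY KEY, tag TEXT)');
$pdo->exec("INSERT INTO socio_tag (tag) VALUES ('a'), ('b'), ('c')");

$input = ['id_tag' => '1 OR 1=1'];   // constructed non-integer value

try {
    delete_tag_hardened($pdo, $input);
} catch (InvalidArgumentException $e) {
    echo "hardened: rejected (", $e->getMessage(), ")\n";
}
echo "hardened, id_tag=1: ", delete_tag_hardened($pdo, ['id_tag' => '1']), " row(s) deleted\n";

// The same value reaches the SQL parser as part of the WHERE clause here.
echo "vulnerable: ", delete_tag_vulnerable($pdo, $input), " row(s) deleted\n";
```

Comparing the two row counts shows that the concatenated value changes the predicate, while the bound integer cannot.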

Exploit

Fix

SQL injection

Weakness Enumeration

Related identifiers

CVE-2026-33991
GHSA-74XM-6WGF-X37J

Affected products

Wegia