PT-2026-30733 · Wegia · Wegia

Pentestju · Published 2026-04-06 · Updated 2026-04-06 · CVE-2026-35395

CVSS v3.1: 8.8 High (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.6.9

Description: WeGIA, a Web manager for charitable institutions, contains a SQL injection issue in the 'dao/memorando/DespachoDAO.php' file. The id_memorando parameter, obtained from the $_REQUEST variable, is used in SQL queries without proper validation. This allows authenticated users to execute arbitrary SQL commands against the database.

Recommendations: Update to version 3.6.9 or later.

Fix

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2026-35395

Affected Products: Wegia