PT-2026-3307 · Wegia · Wegia

Vinicastro2001 · Published 2026-01-16 · Updated 2026-01-17 · CVE-2026-23723

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

WeGIA versions prior to 3.6.2

Description

WeGIA is a web manager for charitable institutions. A SQL Injection issue exists that allows for full database exfiltration, exposure of sensitive PII, and potential arbitrary file reads in misconfigured environments. The issue is present in the Atendido ocorrenciaControle API endpoint through the id memorando parameter and requires authentication.

Recommendations

Update to version 3.6.2 or later.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2026-23723
GHSA-XFMP-2HF9-GFJP

Affected Products

Wegia