SQL Injection Risk in WeGIA Web Manager by LabRedesCefetRJ
CVE-2026-33991

8.8 HIGH

Key Information:

CVE Published: 27 March 2026

What is CVE-2026-33991?

WeGIA, a web management tool for charitable institutions, contains an SQL injection vulnerability caused by unsafe handling of user input. Specifically, prior to version 3.6.7, the file html/socio/sistema/deletar_tag.php improperly uses extract($_REQUEST), so the $id_tag variable is taken straight from the request and concatenated directly into SQL queries. Concatenating unsanitized input instead of using prepared statements exposes the application to SQL injection, potentially allowing an attacker to manipulate database queries. Version 3.6.7 addresses this vulnerability, underlining the need for input validation and parameterized queries.
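The pattern the advisory describes, shown as an added illustrative example in PHP (not WeGIA's own code): the vulnerable shape, where extract($_REQUEST) hands an attacker-controlled $id_tag to string-built SQL, beside a hardened form that reads one validated parameter and binds it through a prepared statement. The table and column names (socio_tag, id_tag) and the $pdo connection are assumptions.

```php
<?php
// Added example, not code from the WeGIA project. Table/column names and
// the $pdo connection are assumptions for illustration.

// --- Vulnerable pattern (the 'before' described in the advisory) ---
// extract($_REQUEST) turns every GET/POST/COOKIE parameter into a local
// variable, so $id_tag is attacker-controlled and can even overwrite
// existing variables such as $pdo. The value is then concatenated into SQL.
function deletar_tag_vulneravel(PDO $pdo): void
{
    extract($_REQUEST);                      // defines $id_tag (and anything else sent)
    $sql = "DELETE FROM socio_tag WHERE id_tag = " . $id_tag;
    $pdo->exec($sql);                        // no validation, no parameter binding
}

// --- Hardened form: explicit input, type validation, prepared statement ---
function deletar_tag_seguro(PDO $pdo): bool
{
    // Read only the parameter we expect, from the method we expect.
    // FILTER_VALIDATE_INT returns false for non-integers and null if absent.
    $id_tag = filter_input(INPUT_POST, 'id_tag', FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    if ($id_tag === null || $id_tag === false) {
        http_response_code(400);
        return false;                        // missing or malformed id: refuse
    }

    // The value travels as a bound parameter, never as part of the SQL text.
    $stmt = $pdo->prepare('DELETE FROM socio_tag WHERE id_tag = :id_tag');
    $stmt->bindValue(':id_tag', $id_tag, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount() === 1;
}

// Usage (assumes $pdo is an existing PDO connection). Disabling emulated
// prepares makes the database server itself perform the parameter binding.
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
// deletar_tag_seguro($pdo);
```

A lightweight detection check for the same defect is to grep the code base for extract($_REQUEST) and for SQL strings built with the concatenation operator, which flags this file class before a manual review.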

Affected Version(s)

WeGIA < 3.6.7

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved