Weak Password Storage in WeGIA by LabRedesCefetRJ
CVE-2026-45027

5.9 MEDIUM

Key Information:

CVE Published: 27 May 2026

What is CVE-2026-45027?

WeGIA, a web management tool for charitable institutions, stores user passwords hashed without a salt. Versions before 3.7.3 use PHP's hash() function with SHA-256 to hash passwords during login and password changes. Unsalted hashing is unsuitable for password storage: identical passwords produce identical hashes, and precomputed (rainbow) tables can be used to recover passwords from the stored digests. Users of affected versions should upgrade to 3.7.3, which addresses this flaw.
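
The following is an added example, not WeGIA's code: it places the unsalted hash() pattern the advisory describes beside PHP's built-in salted alternative (password_hash()/password_verify()). The verifyAndUpgrade() helper is an assumption about how a login path could migrate legacy digests; it is not part of the project.

```php
<?php
// Added example, not WeGIA's code. Shows the unsalted SHA-256 pattern the
// advisory describes beside PHP's built-in salted alternative, plus a
// login-time upgrade path (an assumed helper, not part of the project).

// Weak: hash() is deterministic and unsalted, so two users with the same
// password store the same digest and one precomputed table covers them all.
function weakStore(string $password): string
{
    return hash('sha256', $password);
}

// Hardened: password_hash() draws a random per-password salt and runs a
// deliberately slow algorithm; salt and cost are embedded in the output.
function strongStore(string $password): string
{
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
}

// Login check for a mixed database: legacy rows are 64 hex chars (a bare
// SHA-256 digest); verify them once, then replace with a salted hash. Rows
// already written by password_hash() are verified and rehashed if needed.
function verifyAndUpgrade(string $password, string &$stored): bool
{
    if (preg_match('/^[0-9a-f]{64}$/', $stored)) {
        if (!hash_equals($stored, hash('sha256', $password))) {
            return false;
        }
        $stored = strongStore($password); // caller must persist the new value
        return true;
    }
    if (!password_verify($password, $stored)) {
        return false;
    }
    if (password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => 12])) {
        $stored = strongStore($password);
    }
    return true;
}

// Constructed sample: two accounts that chose the same password.
$pw = 'correct horse battery staple';
var_dump(weakStore($pw) === weakStore($pw));     // weak scheme: same digest
var_dump(strongStore($pw) === strongStore($pw)); // salted: digests differ

// A legacy row is upgraded in place on a successful login.
$row = weakStore($pw);
var_dump(verifyAndUpgrade($pw, $row));
var_dump(password_get_info($row)['algoName']);   // bcrypt after the upgrade
```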

Affected Version(s)

WeGIA < 3.7.3

References

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
