CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, WeGIA (Web gerenciador para instituições assistenciais) contains a SQL injection vulnerability in dao/memorando/DespachoDAO.php. The id_memorando parameter is extracted from $_REQUEST without validation and directly interpolated into SQL queries, allowing any authenticated user to execute arbitrary SQL commands against the database. This vulnerability is fixed in 3.6.9.
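The hardened form of the pattern described above, as an added example that is not WeGIA's code or the vendor's patch: the request value is validated as a positive integer and then bound as a parameter instead of being interpolated. The function names, the `despacho` table and its columns are hypothetical, and an in-memory SQLite database with constructed rows stands in for the real one.

```php
<?php
declare(strict_types=1);

// Hypothetical names throughout: parseIdMemorando(), listDespachos(), the
// despacho table and its columns are constructed for this example and are
// not taken from WeGIA. Requires PHP 8.0+ and the pdo_sqlite extension.

// Pattern described in the advisory (shown as a comment, not executed):
//   $id  = $_REQUEST['id_memorando'];
//   $sql = "SELECT ... WHERE id_memorando = $id";   // input becomes SQL text

function parseIdMemorando(mixed $raw): int
{
    // Accept only a positive integer; arrays, null and mixed strings fail.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id_memorando must be a positive integer');
    }
    return $id;
}

function listDespachos(PDO $pdo, mixed $rawId): array
{
    $id = parseIdMemorando($rawId);
    // The placeholder keeps the value out of the SQL text even if the
    // validation above is later loosened or removed.
    $stmt = $pdo->prepare('SELECT id_despacho, texto FROM despacho WHERE id_memorando = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed in-memory data so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE despacho (id_despacho INTEGER PRIMARY KEY, id_memorando INTEGER, texto TEXT)');
$pdo->exec("INSERT INTO despacho (id_memorando, texto) VALUES (1, 'first'), (1, 'second'), (2, 'other')");

// Constructed request values: one well-formed, three malformed.
foreach (['1', '1 OR 1=1', ['1'], null] as $raw) {
    try {
        printf("%s -> %d row(s)\n", json_encode($raw), count(listDespachos($pdo, $raw)));
    } catch (InvalidArgumentException $e) {
        printf("%s -> rejected: %s\n", json_encode($raw), $e->getMessage());
    }
}
```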
Analysis
SQL injection in WeGIA 3.6.8 and earlier allows authenticated users to execute arbitrary SQL commands through the id_memorando parameter in DespachoDAO.php. The vulnerability affects WeGIA, a web-based management system for charitable institutions, enabling attackers with valid credentials to potentially exfiltrate sensitive donor/beneficiary data, modify records, or compromise database integrity. …
Remediation
Within 24 hours: Inventory all WeGIA deployments and confirm versions in use; restrict database account permissions to least-privilege principles. Within 7 days: Upgrade all WeGIA instances to version 3.6.9 or later per vendor advisory; validate patch deployment in test environment first. …
EUVD-2026-19495