Platform: php
Component: wegia
Fixed in: 3.6.7
CVE-2026-31896 describes a critical SQL injection vulnerability in WeGIA, a web manager for charitable institutions. The flaw lets an attacker, potentially without authenticating, inject SQL into a database query, leading to data theft or denial of service. It affects WeGIA versions up to and including 3.6.6; the fix is in version 3.6.7.
The vulnerability arises from insecure handling of user input in the removerprodutoocultar.php script. The script calls extract($_REQUEST), which turns every request parameter (GET, POST or cookie) into a local PHP variable, and those variables are concatenated directly into a SQL string executed with PDO::query. Because no parameters are bound and the input is never validated, every character the attacker supplies reaches the SQL parser. Successful exploitation could exfiltrate sensitive data held in the WeGIA database, such as donor information, financial records and beneficiary details, or alter it. An attacker could also drive the database into a denial-of-service condition, rendering the application unavailable to legitimate users. The published proof-of-concept is a time-based (blind) injection that delays the server's response, which both confirms the injection point without visible output and shows how cheaply the service can be stalled.
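The pattern described above and its hardened replacement, written as an added example for this page. This is not WeGIA's own code: the table name produto, the column id_produto and the use of an in-memory SQLite database (so the script runs stand-alone) are assumptions. The page's proof-of-concept uses a time-based payload against MySQL; SQLite has no SLEEP(), so the demo uses a tautology, which crosses the same missing boundary between data and query.

```php
<?php
// Added example, not from WeGIA. Reproduces the bug class named in the advisory:
// extract($_REQUEST) creates local variables that are interpolated straight into a
// string handed to PDO::query(). Table/column names and the SQLite backend are
// assumptions made so the script runs offline.
declare(strict_types=1);

function buildDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE produto (id_produto INTEGER PRIMARY KEY, descricao TEXT, oculto INTEGER)');
    $pdo->exec("INSERT INTO produto VALUES (1, 'cadeira', 0), (2, 'mesa', 0), (3, 'armario', 0)");
    return $pdo;
}

// Vulnerable pattern: request parameters become variables and are concatenated
// into the statement. $request stands in for $_REQUEST so the demo needs no web server.
function hideProductVulnerable(PDO $pdo, array $request): int
{
    extract($request);                 // $id_produto now holds attacker-controlled text
    $sql = "UPDATE produto SET oculto = 1 WHERE id_produto = $id_produto";
    return $pdo->query($sql)->rowCount();
}

// Hardened pattern: reject anything that is not a positive integer, then bind the
// value as a typed parameter so it can never be parsed as SQL.
function hideProductSafe(PDO $pdo, array $request): int
{
    $id = $request['id_produto'] ?? '';
    if (!ctype_digit((string) $id)) {
        throw new InvalidArgumentException('id_produto must be a positive integer');
    }
    $stmt = $pdo->prepare('UPDATE produto SET oculto = 1 WHERE id_produto = :id');
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

$payload = ['id_produto' => '1 OR 1=1'];   // constructed injection payload

// Vulnerable handler: the tautology hides every product, not only id 1.
$affected = hideProductVulnerable(buildDb(), $payload);
printf("vulnerable: %d rows hidden by one request\n", $affected);

// Hardened handler: the same input is rejected before any SQL is built.
$pdo = buildDb();
try {
    hideProductSafe($pdo, $payload);
} catch (InvalidArgumentException $e) {
    printf("safe: rejected (%s)\n", $e->getMessage());
}
printf("safe: %d rows hidden with a valid id\n", hideProductSafe($pdo, ['id_produto' => '1']));
```

Run it with php on the command line. The validation step matters as much as the prepared statement: binding with PDO::PARAM_INT stops injection, but rejecting malformed input up front also keeps attacker-shaped values out of logs, error messages and any other code path that might reuse them.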
This vulnerability is rated high-risk because of its critical severity rating and the availability of a public proof-of-concept. The EPSS value shown on this page, 0.03% (10th percentile), puts the modelled short-term probability of exploitation low, and no active exploitation campaigns had been publicly reported as of the publication date; even so, a trivially reachable script with a working PoC is a natural target for opportunistic scanning. The vulnerability was disclosed on 2026-03-11. Monitor security advisories and threat intelligence feeds for any indication of exploitation.
Charitable institutions and organizations that run WeGIA to manage their operations are at significant risk, specifically those on unpatched versions (3.6.6 and earlier). Shared hosting environments, where several organizations share the same server, carry additional risk: a compromise of one WeGIA instance could affect the others if database credentials or the file system are not strictly separated.
• php: Examine web server access logs for requests to the script with SQL syntax in the query string. This page names the script both as removerprodutoocultar.php and as remover_produto_ocultar.php, so match both spellings. Access logs store the request line URL-encoded and do not record POST bodies, so match encoded forms as well and treat a clean access log as inconclusive for payloads delivered by POST.
grep -iE 'remover_?produto_?ocultar\.php' /var/log/apache2/access.log | grep -iE 'select|union|sleep|benchmark|%27|%20or%20|%20and%20'
• php: Review the script for extract($_REQUEST) and direct interpolation of the resulting variables into a string passed to PDO::query; the fixed code should use PDO::prepare with bound parameters instead.
• generic web: Monitor database server logs for unusual queries from the WeGIA application user. A time-based PoC like the published one shows up as SLEEP() or BENCHMARK() calls in the MySQL general or slow query log.
• database (mysql): Check for unauthorized database users or privilege changes, and compare against a known-good baseline; a remote-host account is only suspicious if it was not there before.
SELECT User, Host FROM mysql.user WHERE Host != 'localhost';
References: disclosure, poc
Exploit status
EPSS: 0.03% (10th percentile)
CISA SSVC: not given on this page
CVSS vector: not given on this page
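The log check above only works if the query string is decoded first, because Apache and Nginx write the request line percent-encoded. The following is an added example, not code from the page or from WeGIA, that parses combined-format access-log lines, decodes the parameters sent to the script and flags the injection shapes a practitioner would expect (time-based functions, tautologies, comment terminators). The log lines are constructed for the demo, and the /html/produto/ path prefix is an assumption.

```php
<?php
// Added example, not from WeGIA or the advisory. Scans combined-format access-log
// lines for injection attempts against the script named on this page. The query
// string is percent-decoded before matching; POST bodies are not in access logs and
// cannot be found this way. Sample lines below are constructed for the demo.
declare(strict_types=1);

const LOG_LINES = [
    '10.0.0.5 - - [11/Mar/2026:10:01:02 +0000] "GET /html/produto/remover_produto_ocultar.php?id_produto=12 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [11/Mar/2026:10:01:09 +0000] "GET /html/produto/remover_produto_ocultar.php?id_produto=12%20AND%20SLEEP(5) HTTP/1.1" 200 512 "-" "curl/8.0"',
    '10.0.0.9 - - [11/Mar/2026:10:01:15 +0000] "GET /html/produto/remover_produto_ocultar.php?id_produto=12%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 512 "-" "curl/8.0"',
    '10.0.0.7 - - [11/Mar/2026:10:02:00 +0000] "GET /html/index.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
];

// Accepts both spellings of the script name used on this page.
const TARGET = '/remover_?produto_?ocultar\.php/i';

// Decoded-value patterns: keyword followed by a quote, digit or paren (SLEEP(5),
// OR 1=1, UNION SELECT ...), quote-delimited tautologies ('1'='1), and the
// comment/terminator characters used to discard the rest of the original query.
const SQLI = '/\b(SLEEP|BENCHMARK|UNION|SELECT|OR|AND)\b\s*[\(\'"0-9]|\'\s*(OR|AND)\s*\'|--|#|;/i';

// Returns a hit record for a suspicious request to the target script, else null.
function scanLine(string $line): ?array
{
    // client ip, two ident/user fields, bracketed timestamp, then "METHOD target PROTO"
    if (!preg_match('/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*"/', $line, $m)) {
        return null;
    }
    $ip = $m[1];
    $ts = $m[2];
    $target = $m[4];
    if (!preg_match(TARGET, $target)) {
        return null;
    }
    $query = parse_url($target, PHP_URL_QUERY) ?? '';
    parse_str($query, $params);          // parse_str percent-decodes the values
    foreach ($params as $name => $value) {
        if (is_string($value) && preg_match(SQLI, $value)) {
            return ['ip' => $ip, 'time' => $ts, 'param' => (string) $name, 'value' => $value];
        }
    }
    return null;
}

function scanLog(array $lines): array
{
    return array_values(array_filter(array_map('scanLine', $lines)));
}

foreach (scanLog(LOG_LINES) as $hit) {
    printf("%s %s param=%s value=%s\n", $hit['time'], $hit['ip'], $hit['param'], $hit['value']);
}
```

Point the script at a real log by replacing LOG_LINES with file($path, FILE_IGNORE_NEW_LINES). Expect some noise from the OR/AND alternatives on legitimate free-text fields; for this endpoint the only parameter should be an integer id, so any hit is worth a look.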
The primary mitigation for CVE-2026-31896 is to upgrade WeGIA to version 3.6.7 or later, which contains the fix. If upgrading is not immediately feasible, restrict access to the removerprodutoocultar.php script (for example to authenticated staff networks) and put a Web Application Firewall (WAF) in front of it with rules that block SQL injection attempts against that endpoint. WAF rules must inspect the URL-decoded parameters and cover time-based functions such as SLEEP() and BENCHMARK(), since the public PoC is blind and produces no error text to match on. As a long-term improvement, replace string concatenation with input validation and parameterized queries (PDO::prepare with bound values) throughout the application. After upgrading, confirm the fix by checking that the script no longer builds its query from extract($_REQUEST) variables; only run injection tests against a copy of the system you are authorized to test, never against a production instance.
Update WeGIA to version 3.6.7 or later. This version contains the fix for the SQL injection vulnerability. Taking a backup before updating is recommended.
CVE-2026-31896 is a critical SQL injection vulnerability affecting WeGIA versions up to 3.6.6. It allows attackers to execute arbitrary SQL commands, potentially leading to data breaches or denial of service.
You are affected if you are using WeGIA version 3.6.6 or earlier. Immediately assess your environment and upgrade to the patched version.
Upgrade WeGIA to version 3.6.7 or later. If an immediate upgrade is not possible, implement temporary workarounds such as restricting access to the affected script and deploying a WAF.
While no confirmed active exploitation is publicly known, the vulnerability's critical severity and available proof-of-concept increase the likelihood of exploitation. Continuous monitoring is recommended.
Refer to the WeGIA official website or security advisory channels for the latest information and updates regarding CVE-2026-31896.