Platform
php
Component
wegia
Fixed in
3.6.7
CVE-2026-31896 describes a critical SQL injection vulnerability in WeGIA, a web manager for charitable institutions. The flaw lets an attacker, potentially without authenticating, inject SQL into a database query, leading to data theft or denial of service. It affects WeGIA versions up to and including 3.6.6 and is fixed in version 3.6.7.
The injection point is WeGIA's removerprodutoocultar.php script. An attacker who reaches it can execute arbitrary SQL against the WeGIA database: read sensitive data such as donor information, financial records and user credentials, or modify and delete records to break the application's functionality and cause a denial of service. The root cause is a call to extract($_REQUEST) without sanitization. extract() turns every GET, POST and cookie key into a local PHP variable, so any name the script later concatenates into a query becomes attacker-controlled. The published proof-of-concept is a time-based payload that makes the database delay its response, which both confirms the injection without needing to see query output and shows how easily the script can be used to tie up the server.
CVE-2026-31896 was publicly disclosed on 2026-03-11. A proof-of-concept for the time-based SQL injection is publicly available, which lowers the bar for exploitation. The critical severity (CVSS 9.8) and ease of exploitation make it a high-priority fix. It is not currently listed in CISA KEV, but its severity warrants monitoring. No active campaign has been reported; the sensitivity of the data charitable institutions hold nonetheless makes WeGIA deployments an attractive target.
Exploit Status
EPSS
0.03% (10th percentile)
The primary mitigation for CVE-2026-31896 is to upgrade WeGIA to version 3.6.7 or later, which contains the fix. If upgrading is not immediately feasible, apply temporary workarounds: restrict access to removerprodutoocultar.php (for example to authenticated users or an allowlist of source addresses at the web server), validate every user-supplied value the script uses (an identifier should be required to be a positive integer), and put a Web Application Firewall with SQL injection rules in front of the application. Treat the WAF as a stopgap, not a fix. Independently of the patch, run WeGIA against a database account with the least privilege it needs (no DROP, FILE or access to unrelated schemas) so that a successful injection is contained. After upgrading, confirm the fix by checking that the script no longer calls extract($_REQUEST) and by sending the same time-based payload the proof-of-concept uses to a test instance: a patched script returns in the normal time and rejects the value instead of delaying.
Update WeGIA to version 3.6.7 or higher. This version contains the fix for the SQL injection vulnerability. Take a backup of the database and the application before updating.
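The following is an added illustration of the vulnerable pattern described above (extract($_REQUEST) feeding a string-built query) next to a hardened handler using validated input and a prepared statement. It is not WeGIA's code: the table and column names (produto, id, oculto) and the handler names are hypothetical, and it runs against an in-memory SQLite database so it works offline, whereas a MySQL deployment would allow the same tautology payload or a time-based one such as an OR SLEEP(...) clause. The attacker input is constructed for the example.

```php
<?php
// Added example, not WeGIA's code. Table and column names are assumptions.
// SQLite in-memory stands in for the real MySQL database so the script runs offline.

function seed(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE produto (id INTEGER PRIMARY KEY, nome TEXT, oculto INTEGER NOT NULL DEFAULT 0)');
    $db->exec("INSERT INTO produto (id, nome) VALUES (1, 'arroz'), (2, 'feijao'), (3, 'leite')");
    return $db;
}

// Vulnerable pattern: extract() turns every request key into a local variable
// (here $id), and the value is concatenated straight into the SQL text.
function hideProductVulnerable(PDO $db, array $request): int {
    extract($request);                                    // $id is attacker-controlled
    $sql = "UPDATE produto SET oculto = 1 WHERE id = $id"; // string-built query
    return $db->exec($sql);                               // rows affected
}

// Hardened: read only the expected key, enforce its type, bind it as a parameter.
// Reading named keys instead of extract() also stops the request from overwriting
// any other local variable the script uses.
function hideProductSafe(PDO $db, array $request): int {
    $id = filter_var(
        $request['id'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($id === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    $stmt = $db->prepare('UPDATE produto SET oculto = 1 WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

function countHidden(PDO $db): int {
    return (int) $db->query('SELECT COUNT(*) FROM produto WHERE oculto = 1')->fetchColumn();
}

// Constructed attacker input: a tautology that matches every row.
$payload = ['id' => '1 OR 1=1'];
// Constructed legitimate input.
$legit = ['id' => '2'];

$db = seed();
hideProductVulnerable($db, $payload);
printf("vulnerable: %d of 3 products hidden by one request\n", countHidden($db));

$db = seed();
try {
    hideProductSafe($db, $payload);
} catch (InvalidArgumentException $e) {
    printf("hardened: rejected (%s), %d products hidden\n", $e->getMessage(), countHidden($db));
}
hideProductSafe($db, $legit);
printf("hardened: legitimate request hid %d product\n", countHidden($db));
```

Run it with a PHP CLI that has the pdo_sqlite extension enabled. The vulnerable handler hides all three products from a single request, which is the data-manipulation and denial-of-service impact the advisory describes; the hardened handler rejects the payload before any query runs and still processes a normal numeric id. The same structure (named keys, type validation, bound parameters) is what a patched script should look like, and the absence of extract($_REQUEST) is the quickest thing to check in the upgraded file.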
CVE-2026-31896 is a critical SQL injection vulnerability affecting WeGIA versions up to and including 3.6.6. It allows attackers to execute arbitrary SQL commands through removerprodutoocultar.php, potentially leading to data breaches or denial of service.
You are affected if you run WeGIA version 3.6.6 or earlier. Assess your environment and upgrade to 3.6.7 or later.
Upgrade WeGIA to version 3.6.7 or later. If an immediate upgrade is not possible, apply temporary workarounds such as restricting access to the affected script and placing a WAF in front of the application.
While no confirmed active exploitation is publicly known, the vulnerability's critical severity and available proof-of-concept increase the likelihood of exploitation. Continuous monitoring is recommended.
Refer to the WeGIA official website or security advisory channels for the latest information and updates regarding CVE-2026-31896.