Platform
php
Component
wegia
Fixed in
3.6.6
CVE-2026-28408 is a critical vulnerability affecting WeGIA, a web manager for charitable institutions. This flaw allows unauthorized data injection into the application server's storage, potentially leading to data manipulation and disruption of services. The vulnerability exists in versions of WeGIA prior to 3.6.5 and has been resolved with the release of version 3.6.5.
The root cause is that the adicionar_tipo_docs_atendido.php script performs no authentication or permission check before acting. Anyone who can reach the URL can call it directly, with a tool such as Postman or curl, without logging in. The impact is significant: an attacker can submit requests in bulk and insert large quantities of unauthorized data into the application's storage, which can corrupt records tied to donations, beneficiaries or internal administration and lead to financial loss, reputational damage and operational disruption for the institution. Because no credentials are required, every WeGIA instance reachable over the network by an untrusted party is exposed.
CVE-2026-28408 was publicly disclosed on 2026-02-27. There is currently no indication of active exploitation campaigns targeting this vulnerability. The vulnerability is not listed on the CISA KEV catalog. Public proof-of-concept exploits are not yet available, but the vulnerability's simplicity suggests that one may emerge relatively quickly.
Charitable institutions running a WeGIA version earlier than 3.6.5 are at significant risk, particularly those that rely on it for sensitive data such as donor information and financial records. Shared hosting environments, where several organizations are served from the same server, are also exposed if an unpatched WeGIA instance is deployed there.
• generic web:
curl -I <wegia_url>/adicionar_tipo_docs_atendido.php
Send the request without a session cookie. A 200 response means the script answers anonymous callers; a fixed install should deny the request or redirect to the login page. Note that curl -I sends a HEAD request, so follow up with a plain GET if the result is ambiguous.
• generic web:
grep "adicionar_tipo_docs_atendido.php" /var/log/apache2/access.log*
Look for requests to the script from addresses outside your staff networks. POST requests are the ones that insert data, so a burst of POSTs from one outside address matches the bulk-injection pattern described above.
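The log check above, carried out over a few constructed access-log lines, as an added example that is not part of the advisory and not WeGIA code. It parses combined-format lines, keeps only requests whose path ends in the script name, marks sources outside a trusted range, and counts POSTs per untrusted address. The directory prefix in the sample lines, the trusted VPN range and the log format are assumptions to adapt to your own deployment.

```python
"""Scan combined-format web server access logs for requests to the WeGIA script
named in this advisory and flag the ones that look like abuse.

Added example, not part of the advisory and not WeGIA code. The log lines are
constructed for illustration; the directory prefix in them, the trusted network
range and the log format are assumptions to adapt to your own deployment.
"""
import re
from collections import Counter
from ipaddress import ip_address, ip_network

SCRIPT = "adicionar_tipo_docs_atendido.php"

# Assumption: staff reach WeGIA from this VPN range; anything else is untrusted.
TRUSTED_NETS = [ip_network("10.8.0.0/16")]

# Apache/nginx "combined" format: ip ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample: one staff GET from the VPN, three rapid POSTs from an
# outside address using Postman, and an outside GET with curl.
SAMPLE_LOG = """\
10.8.1.5 - - [27/Feb/2026:10:02:11 +0000] "GET /wegia/adicionar_tipo_docs_atendido.php HTTP/1.1" 200 1432 "-" "Mozilla/5.0"
203.0.113.7 - - [27/Feb/2026:10:05:41 +0000] "POST /wegia/adicionar_tipo_docs_atendido.php HTTP/1.1" 302 0 "-" "PostmanRuntime/7.36.0"
203.0.113.7 - - [27/Feb/2026:10:05:42 +0000] "POST /wegia/adicionar_tipo_docs_atendido.php HTTP/1.1" 302 0 "-" "PostmanRuntime/7.36.0"
203.0.113.7 - - [27/Feb/2026:10:05:43 +0000] "POST /wegia/adicionar_tipo_docs_atendido.php HTTP/1.1" 302 0 "-" "PostmanRuntime/7.36.0"
198.51.100.23 - - [27/Feb/2026:10:09:03 +0000] "GET /wegia/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [27/Feb/2026:10:09:30 +0000] "GET /wegia/adicionar_tipo_docs_atendido.php?x=1 HTTP/1.1" 200 1432 "-" "curl/8.5.0"
"""


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_trusted(ip):
    """True if the source address falls inside one of the trusted networks."""
    try:
        addr = ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETS)


def find_hits(log_text, script=SCRIPT):
    """All requests whose path ends in the vulnerable script, with a trust flag."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        basename = rec["path"].split("?", 1)[0].rsplit("/", 1)[-1]
        if basename != script:
            continue
        hits.append({
            "ip": rec["ip"],
            "method": rec["method"],
            "status": rec["status"],
            "ts": rec["ts"],
            "untrusted": not is_trusted(rec["ip"]),
        })
    return hits


def untrusted_posts(hits):
    """POST count per untrusted source. POST is the request that inserts data,
    so several from one outside address is the bulk-injection pattern."""
    return Counter(h["ip"] for h in hits if h["untrusted"] and h["method"] == "POST")


if __name__ == "__main__":
    hits = find_hits(SAMPLE_LOG)
    for h in hits:
        flag = "UNTRUSTED" if h["untrusted"] else "trusted"
        print(f'{h["ts"]} {h["ip"]:<15} {h["method"]:<4} {h["status"]} {flag}')
    for ip, n in untrusted_posts(hits).most_common():
        print(f"{ip}: {n} POST(s) to {SCRIPT} without trusted origin")
```

Run it against a real file by replacing SAMPLE_LOG with the contents of the access log (including rotated copies). Matching on the basename keeps the check independent of where the script sits in the URL tree, and the GET hits are kept in the output because a GET that returns 200 to an outside address is itself evidence that the script is reachable without a session.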
EPSS: 0.08% (23rd percentile)
The primary mitigation for CVE-2026-28408 is to upgrade WeGIA to version 3.6.5 or later immediately. If upgrading is not immediately feasible because of compatibility concerns or downtime requirements, add a Web Application Firewall (WAF) or web server rule that blocks direct access to the adicionar_tipo_docs_atendido.php script; note that this also removes the corresponding function for legitimate staff until the upgrade is done. Additionally, restrict network access to the WeGIA server to authorized IP ranges, and review the WeGIA configuration against security best practices. After upgrading, confirm the fix by requesting the adicionar_tipo_docs_atendido.php script without a session and with an unauthorized user account, and verify that both requests are denied.
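The post-upgrade verification step, as an added example that is not part of the advisory and not WeGIA code: it sends one anonymous GET to the script and turns the answer into a verdict. The base URL is a placeholder, and the verdict rules (deny, or bounce to a page whose path contains "login", counts as protected) are assumptions about how a fixed install should answer an anonymous request, not documented WeGIA behaviour.

```python
"""Post-upgrade check for the script named in this advisory: send one request
without a session and decide whether the script still answers as if logged in.

Added example, not part of the advisory and not WeGIA code. The base URL is a
placeholder and the verdict rules are assumptions about how a fixed install
should answer an anonymous request (deny, or bounce to the login page), not
documented WeGIA behaviour.
"""
import http.client
from urllib.parse import urlparse

SCRIPT = "adicionar_tipo_docs_atendido.php"


def classify(status, headers):
    """Verdict for an anonymous GET: 'exposed', 'protected' or 'inspect'."""
    location = headers.get("location", "").lower()
    if status in (401, 403):
        return "protected"
    if 300 <= status < 400 and "login" in location:
        return "protected"          # bounced to a login page (assumed naming)
    if status == 200:
        return "exposed"            # served without a session: still vulnerable
    # Any other answer, including a redirect to some other page, needs a look:
    # a redirect after the request can mean the script ran and then bounced.
    return "inspect"


def probe(base_url, timeout=10):
    """GET the script anonymously. GET rather than POST on purpose: a POST with
    form fields would exercise the insert path against a live database."""
    url = urlparse(base_url.rstrip("/") + "/" + SCRIPT)
    conn_cls = (http.client.HTTPSConnection if url.scheme == "https"
                else http.client.HTTPConnection)
    conn = conn_cls(url.netloc, timeout=timeout)
    try:
        conn.request("GET", url.path, headers={"User-Agent": "wegia-auth-check"})
        resp = conn.getresponse()
        headers = {k.lower(): v for k, v in resp.getheaders()}
        return resp.status, headers, classify(resp.status, headers)
    finally:
        conn.close()


if __name__ == "__main__":
    import sys
    # Placeholder host; pass your own base URL as the first argument.
    base = sys.argv[1] if len(sys.argv) > 1 else "http://wegia.example.org"
    status, headers, verdict = probe(base)
    print(f"{status} {headers.get('location', '')} -> {verdict}")
```

Run it before and after the upgrade so you have a known-bad reading to compare with. Two caveats: an application that renders its login form inline with a 200 will show as "exposed" on this logic, so look at the response body in that case; and an "inspect" verdict is not a pass, it only means the answer was neither a clear denial nor the script's normal page.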
Update WeGIA to version 3.6.5 or later. This version corrects the missing authentication check in the script adicionar_tipo_docs_atendido.php, preventing unauthorized access to staff-only functions and the injection of unauthorized data.
CVE-2026-28408 is a critical vulnerability in WeGIA versions prior to 3.6.5 that allows attackers to inject unauthorized data into the application's storage due to missing authentication checks in a specific script.
You are affected if you are running a WeGIA version earlier than 3.6.5. Check your WeGIA version immediately and upgrade if necessary.
The recommended fix is to upgrade WeGIA to version 3.6.5 or later. As a temporary workaround, implement a WAF rule that blocks access to the vulnerable script, accepting that legitimate staff lose that function until the upgrade is done.
There is currently no evidence of active exploitation, but the vulnerability's simplicity suggests it could be targeted in the future.
Refer to the WeGIA official website or security advisory channels for the latest information and updates regarding CVE-2026-28408.