Platform: php
Component: wegia
Fixed in: 3.6.7
CVE-2026-33134 describes a critical SQL Injection vulnerability discovered in WeGIA, a web manager for charitable institutions. This vulnerability allows an authenticated attacker to execute arbitrary SQL commands, potentially leading to complete database compromise. The issue affects versions of WeGIA up to and including 3.6.5. A patch is available in version 3.6.6.
The SQL Injection vulnerability in WeGIA allows an authenticated attacker to directly manipulate database queries. By injecting malicious SQL code through the idproduto GET parameter in the /html/matPat/restaurarproduto.php endpoint, an attacker can bypass security controls and execute arbitrary commands. This could result in the unauthorized retrieval, modification, or deletion of sensitive data, including donor information, financial records, and user credentials. Successful exploitation could also lead to privilege escalation and complete control over the WeGIA application and underlying database server. The potential for data exfiltration and disruption is significant.
CVE-2026-33134 was publicly disclosed on 2026-03-20. While no active exploitation campaigns have been publicly reported, the vulnerability's critical severity and ease of exploitation (requiring only authentication) make it a high-priority target. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are likely to emerge, increasing the risk of widespread exploitation.
Charitable institutions and organizations utilizing WeGIA for managing their operations are at significant risk. Specifically, those running older, unpatched versions of WeGIA (3.6.5 and below) are particularly vulnerable. Shared hosting environments where multiple organizations share the same server infrastructure are also at increased risk, as a compromise of one WeGIA instance could potentially lead to the compromise of others.
• linux / server: Monitor web server access logs for requests to /html/matPat/restaurarproduto.php with unusual or suspicious values in the idproduto parameter. Use grep to search for SQL keywords (e.g., SELECT, UNION, DROP) in the request parameters (the -E flag is needed for the alternation; the pattern below accepts both the idproduto and id_produto spellings used on this page):
grep -E 'restaurar_?produto\.php\?.*id_?produto=.*(SELECT|UNION|DROP)' /var/log/apache2/access.log
• generic web: Use curl to test the endpoint with various payloads. Check the response for SQL errors or unexpected behavior (-G with --data-urlencode sends the value as a properly encoded query string; a raw space in the URL would produce a malformed request):
curl -G 'http://wegia-server/html/matPat/restaurar_produto.php' --data-urlencode 'id_produto=1 UNION SELECT 1,2,3 -- '
• database (mysql): If database access is possible, check for unusual database activity or modified tables. Use mysql -e to query the database for suspicious entries:
mysql -u root -p -e "SELECT * FROM users WHERE username LIKE '%evil%';"
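The grep above only matches payloads written in clear text, but injection attempts normally arrive percent-encoded (for example `%20UNION%20SELECT`), so a raw-line search misses them. The following PHP CLI script is an added example, not part of this advisory or of the WeGIA project: it parses combined-format access log lines, isolates requests to the endpoint, percent-decodes the idproduto value and flags anything that is not a plain integer and contains SQL syntax. The log format, the keyword list and the sample lines are constructed for illustration; the endpoint and parameter regexes accept both spellings that appear on this page.

```php
<?php
// Added example (not WeGIA code): flag suspicious idproduto values in an
// access log after percent-decoding them.
declare(strict_types=1);

// Both spellings seen in the advisory are accepted.
const ENDPOINT_RE = '~/html/matPat/restaurar_?produto\.php$~i';
const PARAM_RE    = '/^id_?produto$/i';
// Conservative SQL syntax indicators; extend to taste.
const SQL_RE = '/\b(UNION|SELECT|INSERT|UPDATE|DELETE|DROP|SLEEP|BENCHMARK|OR|AND)\b|--|#|\/\*|\bINFORMATION_SCHEMA\b/i';

/** Extract path and query string from one combined-log line, or null. */
function parseRequest(string $line): ?array
{
    // Request field looks like: "GET /path?query HTTP/1.1"
    if (!preg_match('/"(?:GET|POST|HEAD) (\S+) HTTP\/[\d.]+"/', $line, $m)) {
        return null;
    }
    $parts = parse_url($m[1]);
    return [
        'path'  => $parts['path'] ?? '',
        'query' => $parts['query'] ?? '',
    ];
}

/** Return the decoded offending value for a suspicious request, else null. */
function suspiciousValue(string $line): ?string
{
    $req = parseRequest($line);
    if ($req === null || !preg_match(ENDPOINT_RE, $req['path'])) {
        return null;
    }
    parse_str($req['query'], $params);   // percent-decodes every value
    foreach ($params as $name => $value) {
        if (!is_string($value) || !preg_match(PARAM_RE, (string) $name)) {
            continue;
        }
        if (ctype_digit($value)) {        // a legitimate id is purely numeric
            continue;
        }
        if (preg_match(SQL_RE, $value)) {
            return $value;
        }
    }
    return null;
}

/** Scan a log file; returns [line number => decoded suspicious value]. */
function scanLog(string $path): array
{
    $fh = fopen($path, 'r');
    if ($fh === false) {
        throw new RuntimeException("cannot open $path");
    }
    $hits = [];
    for ($n = 1; ($line = fgets($fh)) !== false; $n++) {
        $v = suspiciousValue($line);
        if ($v !== null) {
            $hits[$n] = $v;
        }
    }
    fclose($fh);
    return $hits;
}

// Constructed sample lines (not real traffic). Only the second should be flagged:
// the first is a normal numeric id, the third targets a different (made-up) path.
$sample = [
    '10.0.0.5 - alice [20/Mar/2026:10:01:02 +0000] "GET /html/matPat/restaurarproduto.php?idproduto=42 HTTP/1.1" 200 512',
    '10.0.0.9 - bob [20/Mar/2026:10:05:44 +0000] "GET /html/matPat/restaurarproduto.php?idproduto=1%20UNION%20SELECT%201,2,3--%20 HTTP/1.1" 200 2048',
    '10.0.0.9 - bob [20/Mar/2026:10:06:10 +0000] "GET /index.php?idproduto=1%20UNION%20SELECT%201 HTTP/1.1" 404 0',
];
$tmp = tempnam(sys_get_temp_dir(), 'acc');
file_put_contents($tmp, implode("\n", $sample) . "\n");
foreach (scanLog($tmp) as $n => $v) {
    printf("line %d: suspicious idproduto value: %s\n", $n, $v);
}
unlink($tmp);
```

Run it with `php scan.php` after replacing the sample array with a call to `scanLog('/var/log/apache2/access.log')`. The numeric-only check does most of the work: any value for an integer id that is not all digits deserves review even if it matches none of the keywords, so tighten the script to report those too if the false-positive rate is acceptable. Double-encoded payloads (`%2520`) survive one decode; apply `urldecode()` a second time on the value if that evasion matters in your environment.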
EPSS: 0.03% (10th percentile)
The primary mitigation for CVE-2026-33134 is to immediately upgrade WeGIA to version 3.6.6 or later, which contains the necessary fix. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting access to the /html/matPat/restaurarproduto.php endpoint to trusted users only. Web Application Firewalls (WAFs) can be configured to detect and block SQL Injection attempts targeting the idproduto parameter. Thorough input validation and sanitization should be implemented in future development to prevent similar vulnerabilities. After upgrading, confirm the fix by attempting to inject a simple SQL statement through the id_produto parameter and verifying that it is properly sanitized.
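To make the "input validation and sanitization" recommendation concrete, here is an added example (not WeGIA's own source, which this page does not reproduce) of the defect class the advisory describes beside a hardened version of the same operation. The table and column names (produto, id_produto, ativo), the DSN and the credentials are assumptions for illustration; the two controls in the hardened version, integer validation of the GET value and a bound parameter in a real (non-emulated) prepared statement, are what stops a value such as `1 UNION SELECT ...` from reaching the database as SQL.

```php
<?php
// Added example (not WeGIA code): vulnerable pattern vs. hardened version.
declare(strict_types=1);

function db(): PDO
{
    // Assumed DSN and credentials. Emulated prepares are disabled so that MySQL
    // itself keeps statement and parameters apart instead of the client escaping.
    return new PDO('mysql:host=localhost;dbname=wegia', 'app', 'secret', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
}

// BEFORE (vulnerable pattern): the GET value is concatenated into the SQL text,
// so anything after the number is executed as part of the statement.
function restaurarProdutoVulneravel(PDO $pdo, array $get): int
{
    $id  = $get['idproduto'];                                   // untrusted, unvalidated
    $sql = "UPDATE produto SET ativo = 1 WHERE id_produto = $id";
    return $pdo->exec($sql);                                    // affected rows
}

// AFTER (hardened): reject anything that is not a positive integer, then pass
// the value as a typed bound parameter. Authorization of the caller (who may
// restore a product) belongs here as well and is omitted for brevity.
function restaurarProdutoSeguro(PDO $pdo, array $get): int
{
    $id = filter_var($get['idproduto'] ?? null, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    if ($id === false) {
        http_response_code(400);
        throw new InvalidArgumentException('idproduto must be a positive integer');
    }
    $stmt = $pdo->prepare('UPDATE produto SET ativo = 1 WHERE id_produto = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Usage in the endpoint (requires a reachable database with the assumed schema):
// $rows = restaurarProdutoSeguro(db(), $_GET);
```

The validation step alone would already defeat this particular injection, since a UNION or comment sequence never passes FILTER_VALIDATE_INT, but the bound parameter is the control that generalizes: it protects every query, including ones whose parameters are free text and cannot be validated down to a single type.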
Update WeGIA to version 3.6.6 or later. This version fixes the SQL injection vulnerability. Taking a backup before updating is recommended.
CVE-2026-33134 is a critical SQL Injection vulnerability affecting WeGIA versions 3.6.5 and below. An attacker can inject malicious SQL code to compromise the database.
You are affected if you are using WeGIA version 3.6.5 or earlier. Upgrade to version 3.6.6 to mitigate the risk.
Upgrade WeGIA to version 3.6.6 or later. As a temporary workaround, restrict access to the vulnerable endpoint and implement WAF rules.
While no active exploitation campaigns have been publicly reported, the vulnerability's severity and ease of exploitation make it a high-priority target.
Refer to the WeGIA official website or security advisories for the latest information and updates regarding CVE-2026-33134.