CVE-2026-28408 is a critical vulnerability affecting WeGIA, a web manager for charitable institutions. This flaw allows unauthorized data injection into the application server's storage, potentially leading to data manipulation and disruption of services. The vulnerability exists in versions of WeGIA prior to 3.6.5 and has been resolved with the release of version 3.6.5.
The root cause is that the adicionar_tipo_docs_atendido.php script performs neither an authentication check nor a permission check. An attacker therefore needs no account: requesting the script's URL directly, for example with Postman or curl, reaches the same data-writing functionality that a logged-in staff member would use. The impact is significant: an attacker can write large volumes of unauthorized records into the application's storage, tampering with data about donations, beneficiaries or internal records, with potential financial loss, reputational damage and operational disruption for the charitable institution. Because no credentials are required, anyone with network access to the WeGIA instance can exploit the flaw.
CVE-2026-28408 was publicly disclosed on 2026-02-27. There is currently no indication of active exploitation campaigns targeting this vulnerability. The vulnerability is not listed on the CISA KEV catalog. Public proof-of-concept exploits are not yet available, but the vulnerability's simplicity suggests that one may emerge relatively quickly.
Charitable institutions running a WeGIA version earlier than 3.6.5 are at significant risk. Organizations that rely on WeGIA to manage sensitive data, such as donor information and financial records, are particularly exposed. Shared hosting environments, where several organizations run on the same server infrastructure, widen the exposure: a vulnerable WeGIA instance there is reachable by anyone who can reach that host.
• generic web:
curl -I <wegia_url>/adicionar_tipo_docs_atendido.php
A request made without a session that returns 200 rather than a redirect to the login page (302) or a 401/403 indicates the script is reachable without authentication.
• generic web:
grep -r "adicionar_tipo_docs_atendido.php" /var/log/apache2/access.log
Look for requests to the script, especially POSTs that received a 2xx response, from IP addresses outside your staff network or other unexpected sources.
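As a worked version of the grep check above, the following is an added example (not WeGIA's own code or a vendor-supplied tool) that parses combined-format access log lines, keeps only requests for adicionar_tipo_docs_atendido.php, and flags 2xx responses from outside an assumed staff network. The log lines, the script path (/adicionar_tipo_docs_atendido.php) and the trusted range (10.0.0.0/8) are constructed for the example; a 302 from the script is treated as the login check firing and is kept for context but not flagged.

```python
"""Hunt an access log for requests to the script affected by CVE-2026-28408.

Added example, not WeGIA's code. Assumptions (all constructed):
  * Apache/nginx combined log format;
  * the script is served at /adicionar_tipo_docs_atendido.php; real deployments
    may differ, so matching is by file name anywhere in the request path;
  * staff reach WeGIA from 10.0.0.0/8; any other source is untrusted.
"""
import ipaddress
import re
import sys
from collections import Counter
from pathlib import Path

VULN_SCRIPT = "adicionar_tipo_docs_atendido.php"
TRUSTED_NETS = ["10.0.0.0/8"]  # assumed staff network; adjust per deployment

# Combined Log Format: ip ident user [time] "METHOD path HTTP/x" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log: a staff GET, three Postman POSTs from an outside
# address (two served with 200, one redirected), and an unrelated request.
SAMPLE_LOG = """\
10.0.0.5 - - [28/Feb/2026:09:14:02 +0000] "GET /adicionar_tipo_docs_atendido.php HTTP/1.1" 200 1423 "-" "Mozilla/5.0"
203.0.113.77 - - [28/Feb/2026:09:15:31 +0000] "POST /adicionar_tipo_docs_atendido.php HTTP/1.1" 200 57 "-" "PostmanRuntime/7.36.0"
203.0.113.77 - - [28/Feb/2026:09:15:32 +0000] "POST /adicionar_tipo_docs_atendido.php HTTP/1.1" 200 57 "-" "PostmanRuntime/7.36.0"
198.51.100.9 - - [28/Feb/2026:09:20:00 +0000] "GET /index.php HTTP/1.1" 200 900 "-" "curl/8.4.0"
203.0.113.77 - - [28/Feb/2026:09:21:10 +0000] "POST /adicionar_tipo_docs_atendido.php HTTP/1.1" 302 0 "-" "PostmanRuntime/7.36.0"
"""


def parse_line(line):
    """Return a dict for one combined-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def script_hits(lines, trusted_nets=TRUSTED_NETS):
    """Every request for the vulnerable script, annotated with whether the
    source is inside a trusted network and whether the request looks like an
    unauthenticated success (2xx from an untrusted source).

    A 302 is what an enforced login check produces, so it is not flagged."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if VULN_SCRIPT not in rec["path"].split("?", 1)[0]:
            continue
        try:
            src = ipaddress.ip_address(rec["ip"])
        except ValueError:
            continue  # hostname-logged or malformed source; skip it
        rec["trusted"] = any(src in n for n in nets)
        rec["flag"] = 200 <= rec["status"] < 300 and not rec["trusted"]
        hits.append(rec)
    return hits


def flagged_sources(lines, trusted_nets=TRUSTED_NETS):
    """Count flagged requests per source address."""
    return Counter(h["ip"] for h in script_hits(lines, trusted_nets) if h["flag"])


if __name__ == "__main__":
    # Usage: python hunt.py /var/log/apache2/access.log  (defaults to the sample)
    lines = Path(sys.argv[1]).read_text().splitlines() if len(sys.argv) > 1 else SAMPLE_LOG.splitlines()
    for h in script_hits(lines):
        marker = "FLAG" if h["flag"] else "    "
        print(f'{marker} {h["ip"]:15} {h["method"]:5} {h["status"]} {h["time"]}')
    print("flagged sources:", flagged_sources(lines).most_common())
```

On the sample, the two Postman POSTs that were served with 200 are flagged while the staff GET and the redirected POST are not; on a real log, any flagged entry dated before the upgrade to 3.6.5 warrants a review of what the corresponding records in WeGIA's storage now contain.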
EPSS: 0.08% (23rd percentile)
The primary mitigation for CVE-2026-28408 is to upgrade WeGIA to version 3.6.5 or later immediately. If upgrading is not immediately feasible because of compatibility concerns or downtime requirements, add a Web Application Firewall (WAF) or web server rule that blocks direct access to the adicionar_tipo_docs_atendido.php script, and restrict network access to the WeGIA server to authorized IP addresses. Review and audit the WeGIA configuration regularly against security best practices. After upgrading, confirm the fix by requesting adicionar_tipo_docs_atendido.php without a logged-in session (for example with curl) and verifying that the request is denied or redirected to the login page rather than served.
Update WeGIA to version 3.6.5 or later. This release fixes the missing authentication check in the adicionar_tipo_docs_atendido.php script, preventing unauthorized access to staff-only functionality and the injection of unauthorized data.
CVE-2026-28408 is a critical vulnerability in WeGIA versions prior to 3.6.5 that allows attackers to inject unauthorized data into the application's storage due to missing authentication checks in a specific script.
You are affected if you are running any WeGIA version earlier than 3.6.5. Check your WeGIA version immediately and upgrade if necessary.
The recommended fix is to upgrade WeGIA to version 3.6.5 or later. As a temporary workaround, implement a WAF rule to block access to the vulnerable script.
There is currently no evidence of active exploitation, but the vulnerability's simplicity suggests it could be targeted in the future.
Refer to the WeGIA official website or security advisory channels for the latest information and updates regarding CVE-2026-28408.