← Back to CVEs
CVE-2026-33133
HIGH7.2
Description
WeGIA is a web manager for charitable institutions. In versions 3.6.5 and 3.6.6, the loadBackupDB() function imports SQL files from uploaded backup archives without any content validation. An attacker can craft a backup archive containing arbitrary SQL statements that create rogue administrator accounts, modify existing passwords, or execute any database operation. This was introduced in commit 370104c. This issue was patched in version 3.6.7.
CVE Details
CVSS v3.1 Score7.2
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredHIGH
User InteractionNONE
Published3/20/2026
Last Modified3/20/2026
Sourcenvd
Honeypot Sightings0
Affected Products
wegia:wegia
Weaknesses (CWE)
CWE-89
References
https://github.com/LabRedesCefetRJ/WeGIA/pull/1459(security-advisories@github.com)
https://github.com/LabRedesCefetRJ/WeGIA/releases/tag/3.6.7(security-advisories@github.com)
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-qqff-p8fc-hg5f(security-advisories@github.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.