CVE-2026-33991

HIGH8.8/ 10.0
Share:
Published: March 27, 2026 at 11:17 PM
Modified: March 31, 2026 at 08:57 PM
Source: security-advisories@github.com

Vulnerability Description

WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file `html/socio/sistema/deletar_tag.php` uses `extract($_REQUEST)` on line 14 and directly concatenates the `$id_tag` variable into SQL queries on lines 16-17 without prepared statements or sanitization. Version 3.6.7 patches the vulnerability.

CVSS Metrics

Base Score
8.8
Severity
HIGH
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-89
Source: security-advisories@github.com

References & Intelligence

https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-74xm-6wgf-x37j
Source: security-advisories@github.com
ExploitMitigationVendor Advisory
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-74xm-6wgf-x37j
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
ExploitMitigationVendor Advisory

Related Resources

Browse CVE Database
Search 294,000+ vulnerabilities
CVEs from 2026
View all vulnerabilities this year
CWE Database
Explore weakness categories
Security Writeups
Learn from real-world examples
About 4nuxd
Cybersecurity research & tools
Homepage
Explore more security resources