CVE Alert

CVE-2026-33133

UNKNOWN 0.0

WeGIA has an arbitrary SQL execution vulnerability via crafted backup archive

CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 15th

WeGIA is a web manager for charitable institutions. In versions 3.6.5 and 3.6.6, the loadBackupDB() function imports SQL files from uploaded backup archives without any content validation. An attacker can craft a backup archive containing arbitrary SQL statements that create rogue administrator accounts, modify existing passwords, or execute any database operation. This was introduced in commit 370104c. This issue was patched in version 3.6.7.

CWE: CWE-89
Vendor: labredescefetrj
Product: wegia
Published: Mar 20, 2026
Last Updated: Mar 24, 2026

Affected Versions

LabRedesCefetRJ / WeGIA
>= 3.6.5, < 3.6.7

References

github.com: https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-qqff-p8fc-hg5f
github.com: https://github.com/LabRedesCefetRJ/WeGIA/pull/1459
github.com: https://github.com/LabRedesCefetRJ/WeGIA/releases/tag/3.6.7