Unrated severityNVD Advisory· Published Feb 27, 2026· Updated Mar 2, 2026
WeGIA lacks authentication verification in adicionar_tipo_docs_atendido.php
CVE-2026-28408
Description
WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, the script in adicionar_tipo_docs_atendido.php does not go through the project's central controller and does not have its own authentication and permission checks. A malicious user could make a request through tools like Postman or the file's URL on the web to access features exclusive to employees. The vulnerability allows external parties to inject unauthorized data in massive quantities into the application server's storage. Version 3.6.5 fixes the issue.
Affected products
1- Range: < 3.6.5
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-xq3w-xwxj-fg2qmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.