High severity8.8NVD Advisory· Published Mar 27, 2026· Updated Mar 31, 2026
CVE-2026-33991
CVE-2026-33991
Description
WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file html/socio/sistema/deletar_tag.php uses extract($_REQUEST) on line 14 and directly concatenates the $id_tag variable into SQL queries on lines 16-17 without prepared statements or sanitization. Version 3.6.7 patches the vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <3.6.7
Patches
Vulnerability mechanics
References
1- github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-74xm-6wgf-x37jnvdExploitMitigationVendor Advisory
News mentions
0No linked articles in our index yet.