WeGIA has a Critical SQL Injection in Atendido_ocorrenciaControle via id

7.2 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Description

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an authenticated SQL Injection vulnerability was identified in the Atendido_ocorrenciaControle endpoint via the id_memorando parameter. This flaw allows for full database exfiltration, exposure of sensitive PII, and potential arbitrary file reads in misconfigured environments. This vulnerability is fixed in 3.6.2.

Basic Information

ID CVE-2026-23723

Source GitHub_M

Published Jan 16, 2026 at 19:27

Affected Product

Vendor LabRedesCefetRJ

Product WeGIA

Version < 3.6.2

Affected Versions LabRedesCefetRJ WeGIA < 3.6.2

CWE Classification

CWE-89

References

{
    "lastseen": "",
    "description": "WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an authenticated SQL Injection vulnerability was identified in the Atendido_ocorrenciaControle endpoint via the id_memorando parameter. This flaw allows for full database exfiltration, exposure of sensitive PII, and potential arbitrary file reads in misconfigured environments. This vulnerability is fixed in 3.6.2.",
    "published": "2026-01-16T19:27:26.790Z",
    "modified": "2026-01-16T19:27:26.790Z",
    "type": "cve",
    "title": "WeGIA has a Critical SQL Injection in Atendido_ocorrenciaControle via id_memorando parameter",
    "source": "GitHub_M",
    "references": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-xfmp-2hf9-gfjp\nhttps://github.com/LabRedesCefetRJ/WeGIA/pull/1333\nhttps://github.com/LabRedesCefetRJ/WeGIA/releases/tag/3.6.2",
    "id": "CVE-2026-23723",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "LabRedesCefetRJ WeGIA < 3.6.2",
    "sourceHref": "",
    "cvss": {
        "score": 7.2,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WeGIA",
    "version": "< 3.6.2",
    "vendor": "LabRedesCefetRJ",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

WeGIA has a Critical SQL Injection in Atendido_ocorrenciaControle via id_memorando parameter_CVE-2026-23723