exploitDog

CVE-2026-23723

Опубликовано: 16 янв. 2026

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an authenticated SQL Injection vulnerability was identified in the Atendido_ocorrenciaControle endpoint via the id_memorando parameter. This flaw allows for full database exfiltration, exposure of sensitive PII, and potential arbitrary file reads in misconfigured environments. This vulnerability is fixed in 3.6.2.

Ссылки

https://github.com/LabRedesCefetRJ/WeGIA/pull/1333
Issue Tracking
Patch
https://github.com/LabRedesCefetRJ/WeGIA/releases/tag/3.6.2
Release Notes
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-xfmp-2hf9-gfjp
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:*

Версия до 3.6.2 (исключая)

EPSS

Процентиль: 10%

0.00036

Низкий

7.2 High

CVSS3

Дефекты

CWE-89

EPSS

Процентиль: 10%

0.00036

Низкий

7.2 High

CVSS3

Дефекты

CWE-89