SQL Injection in LabRedesCefetRJ WeGIA
CVE-2026-33133
WeGIA is a web manager for charitable institutions. In versions 3.6.5 and 3.6.6, the loadBackupDB() function imports SQL files from uploaded backup archives without any content validation. An attacker can craft a backup archive containing…
Vulnerability class: SQL Injection
EPSS: 0.001 (27.1th percentile)
Affected products
- LabRedesCefetRJ WeGIA — versions >= 3.6.5, < 3.6.7
Weakness classification (CWE)
References
- https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-qqff-p8fc-hg5f (x_refsource_CONFIRM)
- https://github.com/LabRedesCefetRJ/WeGIA/pull/1459 (x_refsource_MISC)
- https://github.com/LabRedesCefetRJ/WeGIA/releases/tag/3.6.7 (x_refsource_MISC)