CVE-2026-35395
Status: Received - Intake
SQL Injection in WeGIA DespachoDAO Allows Authenticated Data Manipulation

Publication date: 2026-04-06

Last updated on: 2026-04-09

Assigner: GitHub, Inc.

Description
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, WeGIA (Web gerenciador para instituições assistenciais) contains a SQL injection vulnerability in dao/memorando/DespachoDAO.php. The id_memorando parameter is extracted from $_REQUEST without validation and directly interpolated into SQL queries, allowing any authenticated user to execute arbitrary SQL commands against the database. This vulnerability is fixed in 3.6.9.
Meta Information
Generated: 2026-05-07
AI Q&A: 2026-04-07
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
1 associated CPE
Vendor: wegia
Product: wegia
Version / Range: all versions before 3.6.9 (3.6.9 excluded; 3.6.9 is the fixed release)
CWE
CWE-89: The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
AI Powered Q&A
Can you explain this vulnerability to me?

The vulnerability is a SQL injection in the WeGIA web manager for charitable institutions, specifically in the file dao/memorando/DespachoDAO.php. The id_memorando parameter is read from $_REQUEST, which in PHP means it can arrive through the query string, the POST body or a cookie, and it is interpolated into SQL queries without any validation. Any authenticated user can therefore execute arbitrary SQL commands against the database.


How can this vulnerability impact me?

This vulnerability can have severe impacts because it allows an authenticated user to run arbitrary SQL commands on the database. Because any authenticated account suffices, a low-privilege user can read, modify or delete data in any table the application's database account can reach, including records belonging to other users, which can lead to unauthorized data access, data modification, data deletion, or complete compromise of the database's integrity and availability.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this SQL injection vulnerability in WeGIA, upgrade the software to version 3.6.9 or later, where the issue is fixed.

Until the upgrade is applied, keep in mind that any authenticated account can exploit the flaw: review and minimise the set of active accounts, and monitor requests that carry the `id_memorando` parameter for non-numeric values. In the code, the durable fix is to validate `id_memorando` as an integer and pass it to the database through a prepared (parameterized) statement instead of interpolating it into the query string.
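
The following is an added worked example (not code from the WeGIA project) that reproduces the flaw described in the advisory and the mitigation recommended above: a request value spliced into the SQL text versus the same lookup done with a type check and a bound parameter. It runs against an in-memory SQLite database; the table and column names (despacho, usuario, texto, login, senha_hash) and the sample rows are assumptions made for the demonstration, and only the parameter name id_memorando comes from the advisory. In PHP the hardened form is the same shape: an integer check on the value followed by a PDO or mysqli prepared statement.

```python
import re
import sqlite3

# Constructed in-memory stand-in for the application's database. The table
# and column names below are assumptions made for this example; only the
# parameter name id_memorando comes from the advisory.
SCHEMA = """
CREATE TABLE despacho (
    id_despacho  INTEGER PRIMARY KEY,
    id_memorando INTEGER NOT NULL,
    texto        TEXT NOT NULL
);
CREATE TABLE usuario (
    id_usuario INTEGER PRIMARY KEY,
    login      TEXT NOT NULL,
    senha_hash TEXT NOT NULL
);
INSERT INTO despacho VALUES (1, 10, 'despacho do memorando 10');
INSERT INTO despacho VALUES (2, 11, 'despacho do memorando 11');
INSERT INTO despacho VALUES (3, 12, 'despacho do memorando 12');
INSERT INTO usuario VALUES (1, 'admin', '$2y$10$hashA');
INSERT INTO usuario VALUES (2, 'voluntario', '$2y$10$hashB');
"""


def open_db():
    """Fresh in-memory database populated with the constructed rows above."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def despachos_vulneravel(conn, id_memorando):
    """The flawed pattern: the request value is spliced into the SQL text.

    Because the value lands in a numeric comparison without quotes, the
    attacker needs no quote character at all; "10 OR 1=1" is enough.
    """
    sql = ("SELECT id_despacho, texto FROM despacho "
           f"WHERE id_memorando = {id_memorando}")
    return conn.execute(sql).fetchall()


def despachos_corrigido(conn, id_memorando):
    """Hardened form: type-check the value, then bind it as a parameter.

    The parameter marker keeps the value out of the SQL grammar entirely, so
    even a value that slipped past the check could not change the query's
    shape.
    """
    if not re.fullmatch(r"[0-9]+", str(id_memorando)):
        raise ValueError("id_memorando must be a non-negative integer")
    sql = "SELECT id_despacho, texto FROM despacho WHERE id_memorando = ?"
    return conn.execute(sql, (int(id_memorando),)).fetchall()


def vulneravel_falha(conn, id_memorando):
    """True if the value makes the vulnerable query syntactically invalid.

    A quoted payload such as "10' OR '1'='1" does this in a numeric context:
    the resulting database error is a useful detection signal, but it also
    means that payload alone would not confirm the bug here.
    """
    try:
        despachos_vulneravel(conn, id_memorando)
    except sqlite3.OperationalError:
        return True
    return False


def corrigido_rejeita(conn, id_memorando):
    """True when the hardened function refuses the value before any SQL runs."""
    try:
        despachos_corrigido(conn, id_memorando)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = open_db()
    print("legitimate lookup :", despachos_vulneravel(db, "10"))
    print("tautology payload :", despachos_vulneravel(db, "10 OR 1=1"))
    print("union extraction  :", despachos_vulneravel(
        db, "0 UNION SELECT id_usuario, login || ':' || senha_hash FROM usuario"))
    print("quoted payload breaks the query:", vulneravel_falha(db, "10' OR '1'='1"))
    print("hardened form rejects tautology :", corrigido_rejeita(db, "10 OR 1=1"))
```

The union case is the one that matters for a charity's data: with two columns in the original SELECT, the injected SELECT lifts logins and password hashes from an unrelated table through an endpoint that was only supposed to list dispatch notes.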


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability allows any authenticated user to execute arbitrary SQL commands against the database due to a SQL injection flaw. This can lead to unauthorized access, modification, or deletion of sensitive data.

Such unauthorized access and potential data breaches can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive information.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This SQL injection vulnerability can be detected by monitoring requests that carry the `id_memorando` parameter with unexpected or malicious input. The advisory names the vulnerable file (dao/memorando/DespachoDAO.php) rather than the HTTP route that reaches it; the front controller `/WeGIA/controle/control.php` used in the examples below is the route this answer assumes, so key any detection on the parameter name rather than on the path alone.

Since the vulnerability arises from unsanitized input in the `id_memorando` parameter, detection can involve sending crafted test payloads to this parameter and observing the responses for SQL errors or abnormal behavior. Exploitation requires an authenticated session, so test requests must carry a valid session cookie; an unauthenticated request never reaches the DAO and tells you nothing.

Example commands to test for the vulnerability include sending POST requests with SQL injection payloads to the endpoint. For instance, using curl with a session cookie obtained by logging in:

  • curl -X POST --cookie "<authenticated session cookie>" -d "id_memorando=1' OR '1'='1" https://target/WeGIA/controle/control.php
  • curl -X POST --cookie "<authenticated session cookie>" -d "id_memorando=1' AND updatexml(1,concat(0x7e,(SELECT database()),0x7e),1) -- -" https://target/WeGIA/controle/control.php

Two caveats: the advisory does not say whether the value is interpolated inside quotes or into a bare numeric comparison, and in the numeric case a payload containing a quote only produces a syntax error, so also try an unquoted form such as `id_memorando=1 OR 1=1`; and `updatexml()` is a MySQL/MariaDB function, so the second payload only yields an error-based leak on that database family. Run these only against systems you are authorized to test.

If the response contains SQL errors or reveals database information, it indicates the presence of the vulnerability.

Additionally, monitoring logs for unusual or malformed requests carrying the `id_memorando` parameter can help detect exploitation attempts. Note that standard web server access logs record the query string but not POST bodies, so payloads sent by POST are invisible there; detecting them needs application-level request logging or a WAF in front of the application.
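
The following is an added example (not part of the original page or of the WeGIA project) of the log monitoring suggested above: a small scanner that decodes Apache combined-format access-log lines, extracts the `id_memorando` query parameter, and reports any value that is not a plain integer, labelling the common payload shapes. The log lines are constructed for the example; client addresses, timestamps and the control.php route are made up, and the route is only the one the answer above assumes. It also counts POST requests, whose bodies never appear in a standard access log, as the passage notes.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed Apache combined-format log lines. Client addresses, timestamps
# and the control.php route are made up for this example; the advisory names
# only the DAO file, not the HTTP route that reaches it.
SAMPLE_LOG = """\
10.0.0.5 - - [07/Apr/2026:10:01:12 +0000] "GET /WeGIA/controle/control.php?id_memorando=42 HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
10.0.0.9 - - [07/Apr/2026:10:02:48 +0000] "GET /WeGIA/controle/control.php?id_memorando=42%20OR%201%3D1 HTTP/1.1" 200 98112 "-" "curl/8.5.0"
10.0.0.9 - - [07/Apr/2026:10:03:01 +0000] "GET /WeGIA/controle/control.php?id_memorando=42%27%20AND%20updatexml(1%2Cconcat(0x7e%2C(SELECT%20database())%2C0x7e)%2C1)%20--%20- HTTP/1.1" 500 512 "-" "curl/8.5.0"
10.0.0.5 - - [07/Apr/2026:10:04:30 +0000] "POST /WeGIA/controle/control.php HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
"""

# Combined log format: client, ident, user, [time], "METHOD target proto", status, ...
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Ordered from most to least specific; the first match names the finding.
PATTERNS = [
    ("mysql error-based function", r"\b(updatexml|extractvalue)\s*\("),
    ("union-based extraction", r"\bUNION\b"),
    ("boolean tautology", r"\bOR\b\s+\S+\s*=\s*\S+"),
    ("quote or comment sequence", r"['\"]|--|/\*|#"),
]


def classify(value):
    """Return a reason string for a suspicious id_memorando value, else None.

    A legitimate id is a plain integer, so anything else is reported; the
    pattern list only refines the reason for the most common payload shapes.
    """
    if re.fullmatch(r"[0-9]+", value):
        return None
    for reason, pattern in PATTERNS:
        if re.search(pattern, value, re.IGNORECASE):
            return reason
    return "non-numeric id_memorando"


def scan_log(text):
    """Scan access-log text for abuse of the id_memorando parameter.

    Returns {"findings": [...], "unobservable_posts": n}: one finding per
    suspicious query-string value, plus a count of POST requests whose body
    (where the parameter may also travel) is not present in the access log.
    """
    findings, unobservable_posts = [], 0
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        if m["method"] == "POST":
            unobservable_posts += 1
        query = urlsplit(m["target"]).query
        # parse_qsl percent-decodes, so %27 and %20 become the raw payload.
        for key, value in parse_qsl(query, keep_blank_values=True):
            if key != "id_memorando":
                continue
            reason = classify(value)
            if reason:
                findings.append({
                    "client": m["client"],
                    "time": m["time"],
                    "status": int(m["status"]),
                    "value": value,
                    "reason": reason,
                })
    return {"findings": findings, "unobservable_posts": unobservable_posts}


if __name__ == "__main__":
    result = scan_log(SAMPLE_LOG)
    for f in result["findings"]:
        print(f"{f['time']} {f['client']} HTTP {f['status']} "
              f"{f['reason']}: {f['value']!r}")
    print("POST requests with unlogged bodies:", result["unobservable_posts"])
```

The HTTP 500 on the error-based payload is the second signal worth alerting on: a burst of 5xx responses to requests carrying `id_memorando` from one client is a strong indicator even when the payload itself is obfuscated past these patterns.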

