CVE-2026-31895
EUVD-2026-1131111.03.2026, 20:16
WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, WeGIA (Web gerenciador para instituições assistenciais) contains a SQL injection vulnerability in html/matPat/restaurar_produto.php. The id_produto parameter from $_GET is directly interpolated into SQL queries without parameterization or sanitization. This vulnerability is fixed in 3.6.6.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| wegia | wegia | 𝑥 < 3.6.6 |
𝑥
= Vulnerable software versions