CVE
CVE-2026-31895
WeGIA has a SQL Injection via Direct Query Interpolation in restaurar_produto.php
WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, WeGIA (Web gerenciador para instituições assistenciais) contains a SQL injection vulnerability in html/matPat/restaurarproduto.php. The idproduto parameter from $_GET is directly interpolated into SQL queries without parameterization or sanitization. This vulnerability is fixed in 3.6.6.
Package Versions Affected
Package Version
patch Availability
No items found.
Automatically patch vulnerabilities without upgrading
Fix Without Upgrading
Detect compatible fix
Apply safe remediation
Fix with a single pull request
CVSS Version
Severity
Base Score
CVSS Version
Score Vector
C
H
U
8.8
-
3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
C
H
U
0
-
3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
C
H
U
-
Related Resources
No items found.
References
https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31895.json, https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-m39r-p62f-vmqm, https://nvd.nist.gov/vuln/detail/CVE-2026-31895
Basic Information
Ecosystem
