CVE-2026-23723

HIGH

WeGIA < 3.6.2 - Authenticated SQL Injection via Atendido_ocorrenciaControle id_memorando Parameter


Exploitation Summary

EIP tracks 2 public exploits for CVE-2026-23723. PoCs published by XiaomingX, Ch35h1r3c47.


Description

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an authenticated SQL Injection vulnerability was identified in the Atendido_ocorrenciaControle endpoint via the id_memorando parameter. This flaw allows for full database exfiltration, exposure of sensitive PII, and potential arbitrary file reads in misconfigured environments. This vulnerability is fixed in 3.6.2.

Exploits (2)

github WORKING POC 10 stars
by XiaomingX · pythonpoc
https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2026/CVE-2026-23723

This repository contains a functional Python script that automates the exploitation of an authenticated SQL injection vulnerability in WeGIA ≤ 3.6.1. It handles login, session cookie extraction, and generates a sqlmap-compatible request file for further exploitation.

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: WeGIA ≤ 3.6.1
Auth required
Prerequisites: valid credentials for the WeGIA system · network access to the target application
devstral-2 · analyzed Feb 27, 2026
nomisec WORKING POC 3 stars
by Ch35h1r3c47 · poc
https://github.com/Ch35h1r3c47/CVE-2026-23723-POC

This PoC automates the exploitation of an authenticated SQL injection vulnerability in WeGIA ≤ 3.6.1 by generating a sqlmap-compatible request file and providing ready-to-use commands for database enumeration and data extraction.

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: WeGIA ≤ 3.6.1
Auth required
Prerequisites: Valid credentials for the WeGIA system · Network access to the target system
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Issue Tracking, Patch x_refsource_misc
https://github.com/LabRedesCefetRJ/WeGIA/pull/1333

Scores

CVSS v3: 7.2
EPSS: 0.0038
EPSS Percentile: 29.3%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total

Details

CWE: CWE-89
Status: published
Products (1)
wegia/wegia < 3.6.2
Published: Jan 16, 2026
Tracked Since: Feb 18, 2026