CVE-2026-23723

HIGH

WeGIA <3.6.2 - SQL Injection

Title source: llm

Description

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an authenticated SQL Injection vulnerability was identified in the Atendido_ocorrenciaControle endpoint via the id_memorando parameter. This flaw allows for full database exfiltration, exposure of sensitive PII, and potential arbitrary file reads in misconfigured environments. This vulnerability is fixed in 3.6.2.

Exploits (2)

github WORKING POC 10 stars
by XiaomingX · pythonpoc
https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2026/CVE-2026-23723

nomisec WORKING POC 3 stars
by Ch35h1r3c47 · poc
https://github.com/Ch35h1r3c47/CVE-2026-23723-POC

Scores

CVSS v3 7.2
EPSS 0.0002
EPSS Percentile 3.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-89
Status published
Products (1)
wegia/wegia < 3.6.2
Published Jan 16, 2026
Tracked Since Feb 18, 2026