{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-33991/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve-2026-33991","sql-injection","web-application"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eWeGIA, a web manager for charitable institutions, is susceptible to SQL injection in versions prior to 3.6.7. The vulnerability resides in the \u003ccode\u003ehtml/socio/sistema/deletar_tag.php\u003c/code\u003e file, where the application uses \u003ccode\u003eextract($_REQUEST)\u003c/code\u003e on line 14 and directly concatenates the \u003ccode\u003e$id_tag\u003c/code\u003e variable into SQL queries on lines 16-17. This occurs without proper sanitization or the use of prepared statements. The lack of input validation allows attackers to inject arbitrary SQL commands, potentially…\u003c/p\u003e\n","date_modified":"2026-03-27T23:17:13Z","date_published":"2026-03-27T23:17:13Z","id":"/briefs/2026-03-wegia-sqli/","summary":"WeGIA web manager prior to version 3.6.7 is vulnerable to SQL injection via the `id_tag` parameter in the `deletar_tag.php` script due to unsanitized input and direct concatenation into SQL queries, potentially allowing attackers to read, modify, or delete data.","title":"WeGIA Web Manager SQL Injection Vulnerability (CVE-2026-33991)","url":"https://feed.craftedsignal.io/briefs/2026-03-wegia-sqli/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-33991","version":"https://jsonfeed.org/version/1.1"}