https://feed.craftedsignal.io/tags/cve-2026-33991/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioFri, 27 Mar 2026 23:17:13 +0000https://feed.craftedsignal.io/briefs/2026-03-wegia-sqli/Fri, 27 Mar 2026 23:17:13 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-03-wegia-sqli/WeGIA web manager prior to version 3.6.7 is vulnerable to SQL injection via the `id_tag` parameter in the `deletar_tag.php` script due to unsanitized input and direct concatenation into SQL queries, potentially allowing attackers to read, modify, or delete data.WeGIA, a web manager for charitable institutions, is susceptible to SQL injection in versions prior to 3.6.7. The vulnerability resides in the html/socio/sistema/deletar_tag.php file, where the application uses extract($_REQUEST) on line 14 and directly concatenates the $id_tag variable into SQL queries on lines 16-17. This occurs without proper sanitization or the use of prepared statements. The lack of input validation allows attackers to inject arbitrary SQL commands, potentially…

]]>highadvisorycve-2026-33991sql-injectionweb-application