{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-35395/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-35395"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["cve-2026-35395","sql-injection","web-application"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eWeGIA (Web gerenciador para instituições assistenciais) is a web manager for charitable institutions. Versions prior to 3.6.9 are susceptible to a critical SQL injection vulnerability (CVE-2026-35395) found in the \u003ccode\u003edao/memorando/DespachoDAO.php\u003c/code\u003e file. The \u003ccode\u003eid_memorando\u003c/code\u003e parameter, extracted from the \u003ccode\u003e$_REQUEST\u003c/code\u003e array, is directly incorporated into SQL queries without any validation or sanitization. This flaw enables authenticated users with low privileges to inject arbitrary SQL commands, potentially leading to complete database compromise. Successful exploitation could result in data breaches, modification of sensitive information, and denial-of-service conditions. Defenders should prioritize upgrading to version 3.6.9 or applying provided patches immediately.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn authenticated user logs into the WeGIA web application.\u003c/li\u003e\n\u003cli\u003eThe user navigates to a page that triggers the execution of \u003ccode\u003edao/memorando/DespachoDAO.php\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe application extracts the \u003ccode\u003eid_memorando\u003c/code\u003e parameter from the \u003ccode\u003e$_REQUEST\u003c/code\u003e array using the HTTP GET or POST method.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious \u003ccode\u003eid_memorando\u003c/code\u003e parameter containing SQL injection payloads (e.g., \u003ccode\u003e1; DROP TABLE users; --\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe application directly interpolates the attacker-controlled \u003ccode\u003eid_memorando\u003c/code\u003e parameter into an SQL query without proper sanitization within the \u003ccode\u003eDespachoDAO.php\u003c/code\u003e file.\u003c/li\u003e\n\u003cli\u003eThe database server executes the injected SQL command, allowing the attacker to manipulate database records, read sensitive data, or execute arbitrary commands.\u003c/li\u003e\n\u003cli\u003eThe attacker may exfiltrate sensitive data from the database, such as user credentials, financial information, or confidential memorandums.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves complete database compromise, potentially leading to a full system takeover.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe SQL injection vulnerability in WeGIA versions prior to 3.6.9 poses a significant risk to charitable institutions using the software. Successful exploitation can lead to unauthorized access to sensitive donor information, financial records, and confidential communications. The potential impact includes data breaches, financial losses, reputational damage, and legal liabilities. Given the nature of the targeted institutions, this vulnerability could severely disrupt their operations and erode public trust, potentially affecting thousands of individuals. Organizations that do not apply the patch are vulnerable to data breaches.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately upgrade WeGIA to version 3.6.9 to remediate the SQL injection vulnerability described in CVE-2026-35395.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization for all user-supplied data, especially the \u003ccode\u003eid_memorando\u003c/code\u003e parameter in \u003ccode\u003eDespachoDAO.php\u003c/code\u003e, to prevent future SQL injection attacks.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Suspicious WeGIA SQL Injection Attempts\u0026rdquo; to your SIEM and tune it for your environment to detect exploitation attempts.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests containing SQL injection payloads targeting the \u003ccode\u003edao/memorando/DespachoDAO.php\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eRestrict database access privileges to the minimum required for WeGIA to function correctly.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-06T21:16:21Z","date_published":"2026-04-06T21:16:21Z","id":"/briefs/2026-04-wegia-sql-injection/","summary":"WeGIA web manager versions prior to 3.6.9 are vulnerable to SQL injection, allowing authenticated users to execute arbitrary SQL commands by directly interpolating the id_memorando parameter from $_REQUEST into SQL queries without validation, as identified by CVE-2026-35395.","title":"WeGIA Web Manager SQL Injection Vulnerability (CVE-2026-35395)","url":"https://feed.craftedsignal.io/briefs/2026-04-wegia-sql-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — CVE-2026-35395","version":"https://jsonfeed.org/version/1.1"}