{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/wegia/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-40285"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["wegia","sql-injection","cve-2026-40285","web-application"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eWeGIA, a web manager for charitable institutions, is susceptible to a SQL injection vulnerability affecting versions prior to 3.6.10. This flaw, identified as CVE-2026-40285, resides in the \u003ccode\u003edao/memorando/UsuarioDAO.php\u003c/code\u003e file. The vulnerability stems from the insecure handling of the \u003ccode\u003ecpf_usuario\u003c/code\u003e POST parameter within the \u003ccode\u003eDespachoControle::verificarDespacho()\u003c/code\u003e function, where the \u003ccode\u003eextract($_REQUEST)\u003c/code\u003e function overwrites the session-stored user identity. An attacker can then manipulate the \u003ccode\u003ecpf_usuario\u003c/code\u003e value, which is subsequently interpolated directly into a raw SQL query. This allows an authenticated user to execute arbitrary SQL queries with the privileges of an arbitrary user, potentially gaining unauthorized access to sensitive data. WeGIA version 3.6.10 addresses and resolves this critical vulnerability.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker authenticates to the WeGIA web application.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP POST request targeting the endpoint associated with \u003ccode\u003eDespachoControle::verificarDespacho()\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe crafted POST request includes the \u003ccode\u003ecpf_usuario\u003c/code\u003e parameter with a SQL injection payload.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eextract($_REQUEST)\u003c/code\u003e function processes the POST data, overwriting the legitimate session-stored user identity with the attacker-controlled \u003ccode\u003ecpf_usuario\u003c/code\u003e value.\u003c/li\u003e\n\u003cli\u003eThe application constructs a raw SQL query, directly interpolating the malicious \u003ccode\u003ecpf_usuario\u003c/code\u003e value into the query string without proper sanitization.\u003c/li\u003e\n\u003cli\u003eThe database executes the crafted SQL query, effectively querying the database as an arbitrary user specified by the attacker in the \u003ccode\u003ecpf_usuario\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eThe application returns the results of the injected SQL query to the attacker, potentially revealing sensitive information.\u003c/li\u003e\n\u003cli\u003eThe attacker can leverage the SQL injection to perform unauthorized data retrieval, modification, or deletion within the WeGIA application.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SQL injection vulnerability (CVE-2026-40285) allows attackers to bypass authentication and access sensitive data within the WeGIA application. This could lead to the compromise of user accounts, financial records, or other confidential information managed by charitable institutions using WeGIA. The impact could range from data breaches and financial losses to reputational damage and legal repercussions for the affected organizations. The CVSS v3.1 base score of 8.8 indicates a high level of severity.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade WeGIA installations to version 3.6.10 or later to remediate CVE-2026-40285.\u003c/li\u003e\n\u003cli\u003eDeploy the following Sigma rule to detect exploitation attempts by monitoring for POST requests containing potentially malicious SQL injection payloads in the \u003ccode\u003ecpf_usuario\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization measures for all user-supplied data, especially within the \u003ccode\u003eDespachoControle::verificarDespacho()\u003c/code\u003e function to prevent future SQL injection vulnerabilities.\u003c/li\u003e\n\u003cli\u003eReview web server logs for suspicious POST requests targeting WeGIA endpoints to identify potential exploitation attempts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-18T12:00:00Z","date_published":"2026-04-18T12:00:00Z","id":"/briefs/2026-04-wegia-sqli/","summary":"WeGIA versions prior to 3.6.10 are vulnerable to SQL injection via the cpf_usuario POST parameter, allowing authenticated users to query the database under an arbitrary identity.","title":"WeGIA SQL Injection Vulnerability (CVE-2026-40285)","url":"https://feed.craftedsignal.io/briefs/2026-04-wegia-sqli/"}],"language":"en","title":"CraftedSignal Threat Feed — Wegia","version":"https://jsonfeed.org/version/1.1"}