SB20260423167 - Multiple vulnerabilities in WeGIA
Published: April 23, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 10 vulnerabilities.
1) SQL injection (CVE-ID: CVE-2026-23723)
CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to disclose sensitive information.
The vulnerability exists due to SQL injection in the Atendido_ocorrenciaControle endpoint when handling the id_memorando parameter. A remote privileged user can send a specially crafted request to disclose sensitive information.
In misconfigured environments where the database FILE privilege is enabled, local file contents may also be exposed.
2) Cross-site scripting (CVE-ID: CVE-2026-23722)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to execute arbitrary code in the victim's browser and perform ui redressing.
The vulnerability exists due to cross-site scripting in html/memorando/insere_despacho.php when processing the id_memorando GET parameter. A remote attacker can send a specially crafted link to execute arbitrary code in the victim's browser and perform ui redressing.
The injected content is reflected into the HTML response, and the advisory demonstrates that opening a crafted link can overlay the application interface with attacker-controlled iframe content.
3) Improper Restriction of Rendered UI Layers or Frames (CVE-ID: CVE-2026-23731)
CWE-ID: CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform ui redressing attacks and trigger unauthorized actions.
The vulnerability exists due to improper restriction of rendered ui layers or frames in the web application when handling framed page loads. A remote attacker can embed the application in a malicious page and trick a user into clicking disguised elements to perform ui redressing attacks and trigger unauthorized actions.
User interaction is required, and exploitation relies on the victim having an active session.
4) Open redirect (CVE-ID: CVE-2026-23730)
CWE-ID: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to redirect users to arbitrary external websites.
The vulnerability exists due to url redirection to an untrusted site in the control.php endpoint when handling the nextPage parameter with metodo=listarTodos and nomeClasse=ProdutoControle. A remote user can send a specially crafted request to redirect users to arbitrary external websites.
User interaction is required for the victim to follow the crafted link.
5) Open redirect (CVE-ID: CVE-2026-23729)
CWE-ID: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to redirect users to arbitrary external websites.
The vulnerability exists due to url redirection to an untrusted site in the /WeGIA/controle/control.php endpoint when processing the nextPage parameter with metodo=listarDescricao and nomeClasse=ProdutoControle. A remote user can send a crafted request containing an external URL in the nextPage parameter to redirect users to arbitrary external websites.
User interaction is required for the redirect to occur.
6) Open redirect (CVE-ID: CVE-2026-23728)
CWE-ID: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to redirect users to arbitrary external websites.
The vulnerability exists due to url redirection to an untrusted site in the /WeGIA/controle/control.php endpoint when processing the nextPage parameter with metodo=listarTodos and nomeClasse=DestinoControle. A remote user can send a specially crafted request to redirect users to arbitrary external websites.
User interaction is required to follow the crafted redirect.
7) Open redirect (CVE-ID: CVE-2026-23727)
CWE-ID: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to redirect users to arbitrary external websites.
The vulnerability exists due to url redirection to an untrusted site in the control.php endpoint when processing the nextPage parameter with metodo=listarTodos and nomeClasse=TipoSaidaControle. A remote user can send a specially crafted request to redirect users to arbitrary external websites.
User interaction is required for the victim to follow the crafted link or request.
8) Open redirect (CVE-ID: CVE-2026-23726)
CWE-ID: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to redirect users to arbitrary external websites.
The vulnerability exists due to url redirection to an untrusted site in the /WeGIA/controle/control.php endpoint when processing the nextPage parameter with metodo=listarTodos and nomeClasse=TipoEntradaControle. A remote user can send a crafted request with a malicious nextPage value to redirect users to arbitrary external websites.
User interaction is required for the redirect to be followed.
9) Cross-site scripting (CVE-ID: CVE-2026-23725)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary JavaScript in the victim's browser.
The vulnerability exists due to cross-site scripting in the Adopters Information table in html/pet/adotantes/informacao_adotantes.php when rendering adopter records containing user-controlled nome input. A remote user can save a specially crafted adopter name to execute arbitrary JavaScript in the victim's browser.
The injected payload is stored and executes automatically when the Adopters Information page is loaded.
10) Cross-site scripting (CVE-ID: CVE-2026-23724)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary JavaScript in the victim's browser.
The vulnerability exists due to cross-site scripting in the "Atendido" selection dropdown within html/atendido/cadastro_ocorrencia.php when rendering database-backed user-controlled data. A remote user can store a crafted payload in an Atendido value to execute arbitrary JavaScript in the victim's browser.
The issue is triggered when the occurrence registration page loads and renders the stored value inside the dropdown.
Remediation
Install update from vendor's website.
References
- https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-xfmp-2hf9-gfjp
- https://github.com/advisories/GHSA-xfmp-2hf9-gfjp
- https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-g7hh-6qj7-mcqf
- https://github.com/advisories/GHSA-g7hh-6qj7-mcqf
- https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-99qp-hjvh-c59q
- https://github.com/advisories/GHSA-99qp-hjvh-c59q
- https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-6gx4-6gwv-cxc3
- https://github.com/advisories/GHSA-6gx4-6gwv-cxc3
- https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-w88p-v7h6-m728
- https://github.com/advisories/GHSA-w88p-v7h6-m728
- https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-jf25-p56f-wpgh
- https://github.com/advisories/GHSA-jf25-p56f-wpgh
- https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-pmq9-8p4w-m4f3
- https://github.com/advisories/GHSA-pmq9-8p4w-m4f3
- https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-h7qx-j7g3-7fx3
- https://github.com/advisories/GHSA-h7qx-j7g3-7fx3
- https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-c85q-4fwg-99gw
- https://github.com/advisories/GHSA-c85q-4fwg-99gw
- https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-3r3q-8573-g3cq
- https://github.com/advisories/GHSA-3r3q-8573-g3cq