SB2026043097 - SQL injection in WeGIA
Published: April 30, 2026
Description
This security bulletin contains information about 1 security vulnerability.
1) SQL injection (CVE-ID: CVE-2025-46828)
The vulnerability allows a remote attacker to execute arbitrary SQL statements against the database.
The vulnerability exists due to SQL injection in the /html/socio/sistema/get_socios.php endpoint when processing the POST query parameter. A remote attacker can send a specially crafted POST request to execute arbitrary SQL statements against the database.
This may lead to data exfiltration, authentication bypass, or complete database compromise.
Remediation
Install the update from the vendor's website.
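Added example, not part of the original bulletin or of the WeGIA project: a Python check that summarises POST requests to the endpoint named above, per client, from a web server access log, for reviewing exposure from the period before the update was installed. It assumes the server writes Combined Log Format; the sample log lines are constructed, and the flagging thresholds are assumptions to tune per site.

```python
import re
from collections import defaultdict

ENDPOINT = "/html/socio/sistema/get_socios.php"  # path named in the bulletin

# Combined Log Format: ip ident user [time] "METHOD target proto" status bytes ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [30/Apr/2026:10:01:02 +0000] "POST /html/socio/sistema/get_socios.php HTTP/1.1" 200 512 "-" "curl/8.5.0"
198.51.100.7 - - [30/Apr/2026:10:01:03 +0000] "POST /html/socio/sistema/get_socios.php HTTP/1.1" 500 0 "-" "curl/8.5.0"
198.51.100.7 - - [30/Apr/2026:10:01:04 +0000] "POST /html/socio/sistema/get_socios.php HTTP/1.1" 200 48213 "-" "curl/8.5.0"
203.0.113.20 - - [30/Apr/2026:10:05:00 +0000] "POST /html/socio/sistema/get_socios.php HTTP/1.1" 200 530 "-" "Mozilla/5.0"
203.0.113.20 - - [30/Apr/2026:10:05:09 +0000] "GET /html/socio/sistema/get_socios.php HTTP/1.1" 405 0 "-" "Mozilla/5.0"
192.0.2.15 - - [30/Apr/2026:10:06:00 +0000] "POST /index.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

def triage(log_text, min_hits=3, min_errors=1):
    """Summarise POSTs to ENDPOINT per client IP and flag clients that are
    noisy or trigger server errors. Thresholds are assumptions, not vendor guidance."""
    stats = defaultdict(lambda: {"hits": 0, "errors": 0, "max_bytes": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["target"].split("?", 1)[0] != ENDPOINT:  # ignore any query string
            continue
        s = stats[m["ip"]]
        s["hits"] += 1
        if m["status"].startswith("5"):  # SQL errors often surface as 5xx
            s["errors"] += 1
        if m["size"] != "-":  # unusually large responses may indicate bulk reads
            s["max_bytes"] = max(s["max_bytes"], int(m["size"]))
    flagged = sorted(ip for ip, s in stats.items()
                     if s["hits"] >= min_hits or s["errors"] >= min_errors)
    return dict(stats), flagged

if __name__ == "__main__":
    stats, flagged = triage(SAMPLE_LOG)
    for ip in flagged:
        print(ip, stats[ip])
```

Access logs in this format do not record POST bodies, so flagged clients are leads for review against database and application logs, not confirmation of exploitation.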