{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31896", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-09T21:59:02.688Z", "datePublished": "2026-03-11T19:10:32.383Z", "dateUpdated": "2026-03-12T20:03:11.859Z"}, "containers": {"cna": {"title": "WeGIA has a Time-Based Blind SQL Injection in remover_produto_ocultar.php", "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "lang": "en", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-w7g3-87cr-8m83", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-w7g3-87cr-8m83"}], "affected": [{"vendor": "LabRedesCefetRJ", "product": "WeGIA", "versions": [{"version": "< 3.6.6", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-11T19:10:32.383Z"}, "descriptions": [{"lang": "en", "value": "WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, a critical SQL injection vulnerability exists in the WeGIA application. The remover_produto_ocultar.php script uses extract($_REQUEST) to populate local variables and then directly concatenates these variables into a SQL query executed via PDO::query. This allows an authenticated (or auth-bypassed) attacker to execute arbitrary SQL commands. This can be used to exfiltrate sensitive data from the database or, as demonstrated in this PoC, cause a time-based delay (denial of service). This vulnerability is fixed in 3.6.6."}], "source": {"advisory": "GHSA-w7g3-87cr-8m83", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-12T20:03:06.108300Z", "id": "CVE-2026-31896", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T20:03:11.859Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-31896", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-12T20:03:06.108300Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T20:03:09.400Z"}}], "cna": {"title": "WeGIA has a Time-Based Blind SQL Injection in remover_produto_ocultar.php", "source": {"advisory": "GHSA-w7g3-87cr-8m83", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "LabRedesCefetRJ", "product": "WeGIA", "versions": [{"status": "affected", "version": "< 3.6.6"}]}], "references": [{"url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-w7g3-87cr-8m83", "name": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-w7g3-87cr-8m83", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, a critical SQL injection vulnerability exists in the WeGIA application. The remover_produto_ocultar.php script uses extract($_REQUEST) to populate local variables and then directly concatenates these variables into a SQL query executed via PDO::query. This allows an authenticated (or auth-bypassed) attacker to execute arbitrary SQL commands. This can be used to exfiltrate sensitive data from the database or, as demonstrated in this PoC, cause a time-based delay (denial of service). This vulnerability is fixed in 3.6.6."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-11T19:10:32.383Z"}}}, "cveMetadata": {"cveId": "CVE-2026-31896", "state": "PUBLISHED", "dateUpdated": "2026-03-12T20:03:11.859Z", "dateReserved": "2026-03-09T21:59:02.688Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-11T19:10:32.383Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:*", "matchCriteriaId": "6CDCF05A-C4CA-4349-9BEC-BD27A89E1699", "versionEndExcluding": "3.6.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, a critical SQL injection vulnerability exists in the WeGIA application. The remover_produto_ocultar.php script uses extract($_REQUEST) to populate local variables and then directly concatenates these variables into a SQL query executed via PDO::query. This allows an authenticated (or auth-bypassed) attacker to execute arbitrary SQL commands. This can be used to exfiltrate sensitive data from the database or, as demonstrated in this PoC, cause a time-based delay (denial of service). This vulnerability is fixed in 3.6.6."}, {"lang": "es", "value": "WeGIA es un gestor web para instituciones ben\u00e9ficas. Antes de la versi\u00f3n 3.6.6, existe una vulnerabilidad cr\u00edtica de inyecci\u00f3n SQL en la aplicaci\u00f3n WeGIA. El script remover_produto_ocultar.php utiliza extract($_REQUEST) para poblar variables locales y luego concatena directamente estas variables en una consulta SQL ejecutada a trav\u00e9s de PDO::query. Esto permite a un atacante autenticado (o con autenticaci\u00f3n eludida) ejecutar comandos SQL arbitrarios. Esto puede usarse para exfiltrar datos sensibles de la base de datos o, como se demuestra en esta PoC, causar un retardo basado en el tiempo (denegaci\u00f3n de servicio). Esta vulnerabilidad est\u00e1 corregida en la 3.6.6."}], "id": "CVE-2026-31896", "lastModified": "2026-03-13T20:05:49.723", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-11T20:16:15.797", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-w7g3-87cr-8m83"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}