{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31896", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-09T21:59:02.688Z", "datePublished": "2026-03-11T19:10:32.383Z", "dateUpdated": "2026-03-12T20:03:11.859Z"}, "containers": {"cna": {"title": "WeGIA has a Time-Based Blind SQL Injection in remover_produto_ocultar.php", "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "lang": "en", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-w7g3-87cr-8m83", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-w7g3-87cr-8m83"}], "affected": [{"vendor": "LabRedesCefetRJ", "product": "WeGIA", "versions": [{"version": "< 3.6.6", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-11T19:10:32.383Z"}, "descriptions": [{"lang": "en", "value": "WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, a critical SQL injection vulnerability exists in the WeGIA application. The remover_produto_ocultar.php script uses extract($_REQUEST) to populate local variables and then directly concatenates these variables into a SQL query executed via PDO::query. This allows an authenticated (or auth-bypassed) attacker to execute arbitrary SQL commands. This can be used to exfiltrate sensitive data from the database or, as demonstrated in this PoC, cause a time-based delay (denial of service). This vulnerability is fixed in 3.6.6."}], "source": {"advisory": "GHSA-w7g3-87cr-8m83", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-12T20:03:06.108300Z", "id": "CVE-2026-31896", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T20:03:11.859Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-31896", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-12T20:03:06.108300Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T20:03:09.400Z"}}], "cna": {"title": "WeGIA has a Time-Based Blind SQL Injection in remover_produto_ocultar.php", "source": {"advisory": "GHSA-w7g3-87cr-8m83", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "LabRedesCefetRJ", "product": "WeGIA", "versions": [{"status": "affected", "version": "< 3.6.6"}]}], "references": [{"url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-w7g3-87cr-8m83", "name": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-w7g3-87cr-8m83", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, a critical SQL injection vulnerability exists in the WeGIA application. The remover_produto_ocultar.php script uses extract($_REQUEST) to populate local variables and then directly concatenates these variables into a SQL query executed via PDO::query. This allows an authenticated (or auth-bypassed) attacker to execute arbitrary SQL commands. This can be used to exfiltrate sensitive data from the database or, as demonstrated in this PoC, cause a time-based delay (denial of service). This vulnerability is fixed in 3.6.6."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-11T19:10:32.383Z"}}}, "cveMetadata": {"cveId": "CVE-2026-31896", "state": "PUBLISHED", "dateUpdated": "2026-03-12T20:03:11.859Z", "dateReserved": "2026-03-09T21:59:02.688Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-11T19:10:32.383Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:*", "matchCriteriaId": "6CDCF05A-C4CA-4349-9BEC-BD27A89E1699", "versionEndExcluding": "3.6.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, a critical SQL injection vulnerability exists in the WeGIA application. The remover_produto_ocultar.php script uses extract($_REQUEST) to populate local variables and then directly concatenates these variables into a SQL query executed via PDO::query. This allows an authenticated (or auth-bypassed) attacker to execute arbitrary SQL commands. This can be used to exfiltrate sensitive data from the database or, as demonstrated in this PoC, cause a time-based delay (denial of service). This vulnerability is fixed in 3.6.6."}, {"lang": "es", "value": "WeGIA es un gestor web para instituciones ben\u00e9ficas. Antes de la versi\u00f3n 3.6.6, existe una vulnerabilidad cr\u00edtica de inyecci\u00f3n SQL en la aplicaci\u00f3n WeGIA. El script remover_produto_ocultar.php utiliza extract($_REQUEST) para poblar variables locales y luego concatena directamente estas variables en una consulta SQL ejecutada a trav\u00e9s de PDO::query. Esto permite a un atacante autenticado (o con autenticaci\u00f3n eludida) ejecutar comandos SQL arbitrarios. Esto puede usarse para exfiltrar datos sensibles de la base de datos o, como se demuestra en esta PoC, causar un retardo basado en el tiempo (denegaci\u00f3n de servicio). Esta vulnerabilidad est\u00e1 corregida en la 3.6.6."}], "id": "CVE-2026-31896", "lastModified": "2026-03-13T20:05:49.723", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-11T20:16:15.797", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-w7g3-87cr-8m83"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,3.6.6)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "WeGIA", "source": "cna", "vendor": "LabRedesCefetRJ"}, "product": "wegia", "vendor": "labredescefetrj"}], "analysis": {"en": {"generated_at": "2026-03-17T15:48:24.702564+00:00", "value": {"mitigation_remediation": ["Upgrade WeGIA to version 3.6.6 or later to eliminate the SQL injection flaw. ", "If an immediate upgrade is not possible, restrict access to remover_produto_ocultar.php to authorized administrators only and monitor for unusual activity. ", "Implement input validation and sanitization for all user\u2011supplied data, and transition to prepared statements or ORM frameworks to avoid direct string concatenation in SQL queries."], "summary": {"action": "Immediate Patch", "impact": "SQL Injection"}, "threat_synthesis": {"affected_systems": "The affected product is LabRedesCefetRJ\u2019s WeGIA application. All installations of version 3.6.5 and earlier are vulnerable; the issue is fixed in version 3.6.6 and beyond. The affected component is identified by the CPE string cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:*.", "description_and_impact": "WeGIA\u2019s remover_produto_ocultar.php uses PHP\u2019s extract() to copy all request variables into local scope and then concatenates those variables directly into a SQL query executed via PDO::query. This flaw allows an authenticated or authentication\u2011bypassed attacker to inject arbitrary SQL commands. The result is a full SQL injection vulnerability that can be used to exfiltrate sensitive data from the database or, as demonstrated in the PoC, to cause a time\u2011based delay that can be leveraged for denial\u2011of\u2011service. The vulnerability is classified as CWE\u201189 and carries a CVSS score of 9.8.", "risk_and_exploitability": "The CVSS score indicates a very high severity, while the EPSS score of less than 1% suggests a low probability of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. Because the flaw requires the attacker to supply request parameters, it is likely exploitable via authenticated or auth\u2011bypassed access, though the time\u2011based denial\u2011of\u2011service technique could potentially be triggered remotely depending on the server configuration. Overall, the risk remains high due to the severity and the ease with which an attacker who can supply input can exploit the issue."}}}}, "created": "2026-03-12T09:56:47.602425+00:00", "updated": "2026-03-20T15:29:22.351157+00:00", "vendors": ["labredescefetrj", "labredescefetrj$PRODUCT$wegia"]}