LeakyCreds

CVE-2026-33133 - Vulnerability Analysis

High | CVSS: 7.2

Last Updated: March 20, 2026

WeGIA - SQL Injection

Published: March 20, 2026 | Updated: March 20, 2026 | PoC Available | Remote Exploitable

Overview

WeGIA 3.6.5 and 3.6.6 contain a SQL injection vulnerability caused by a lack of content validation in the loadBackupDB() function, which imports SQL files from backup archives. This lets attackers execute arbitrary database operations remotely. Exploitation requires uploading a crafted backup archive.

Severity & Score

Severity: High
CVSS Score: 7.2

Impact

Attackers can execute arbitrary SQL commands, creating rogue admin accounts or modifying passwords, leading to full database compromise.

Mitigation

Upgrade to version 3.6.7 or later.

Details

CVE ID: CVE-2026-33133
Severity: High
CVSS Score: 7.2
Type: sql_injection
Status: confirmed

CWE

  • CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H