CVE-2026-33134 - Vulnerability Analysis
CriticalCVSS: 9.3Last Updated: March 20, 2026
WeGIA - SQL Injection
Overview
WeGIA <= 3.6.5 contains an authenticated SQL injection caused by unsanitized id_produto GET parameter in html/matPat/restaurar_produto.php, letting authenticated attackers execute arbitrary SQL commands, exploit requires authentication.
Severity & Score
Impact
Authenticated attackers can execute arbitrary SQL commands, leading to full database compromise.
Mitigation
Upgrade to version 3.6.6 or later.
References
Social Media Activity(3 posts)
📺 https://peer.adalta.social/w/wg6KobEvvKKJLWMzqGDZtq 🔗 [🇩🇪🇺🇸🇫🇷](https://adalta.info/articles/prstn_security_116266728422046419_fr) 🔗 [ℹ️](https://www.redpacketsecurity.com/cve-alert-cve-2026-33134-labredescefetrj-wegia/") Une injection SQL authentifiée dans WeGIA compromet l'intégralité des bases de données des institutions. #cybersecurity #security #osint #threatintel #cve
View original post📺 https://peer.adalta.social/w/vUPVbxbkikKKbXfJUWY7un 🔗 [🇩🇪🇺🇸🇫🇷](https://adalta.info/articles/prstn_security_116266728422046419_en) 🔗 [ℹ️](https://www.redpacketsecurity.com/cve-alert-cve-2026-33134-labredescefetrj-wegia/") An authenticated SQL injection in WeGIA enables full database compromise, demanding immediate remediation for high-risk organizations. #cybersecurity #security #osint #threatintel #cve
View original post📺 https://peer.adalta.social/w/gG6EiykmeMqKds94uYjSvn 🔗 [🇩🇪🇺🇸🇫🇷](https://adalta.info/articles/prstn_security_116266728422046419_de) 🔗 [ℹ️](https://www.redpacketsecurity.com/cve-alert-cve-2026-33134-labredescefetrj-wegia/") Authentifizierte SQL-Injektion in einer Wohltätigkeitssoftware ermöglicht vollständige Datenbankkompromittierung. #cybersecurity #security #osint #threatintel #cve
View original postRelated Resources
Details
- CVE ID
- CVE-2026-33134
- Severity
- Critical
- CVSS Score
- 9.3
- Type
- sql_injection
- Status
- confirmed
- EPSS
- 3.0%
- Social Posts
- 3
CWE
- CWE-89
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N