CVE-2026-33991 - Vulnerability Analysis

Offensive Sequence

@offseq

Mar 28, 2026

⚠️ CVE-2026-33991: HIGH severity SQL Injection in WeGIA < 3.6.7. Vulnerable PHP code in deletar_tag.php lets attackers inject SQL remotely — risking data theft & disruption for charities. Patch to 3.6.7 or mitigate ASAP. https://radar.offseq.com/threat/cve-2026-33991-cwe-89-improper-neutralization-of-s-585124c0 #OffSeq #SQLInjection #Infosec

TheHackerWire

@thehackerwire

Mar 27, 2026

🟠 CVE-2026-33991 - High (8.8) WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file `html/socio/sistema/deletar_tag.php` uses `extract($_REQUEST)` on line 14 and directly concatenates the `$id_tag` variable into SQL queries on lines 16-17 without... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33991/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Offensive Sequence

@offseq

Mar 28, 2026

⚠️ CVE-2026-33991: HIGH severity SQL Injection in WeGIA < 3.6.7. Vulnerable PHP code in deletar_tag.php lets attackers inject SQL remotely — risking data theft & disruption for charities. Patch to 3.6.7 or mitigate ASAP. https://radar.offseq.com/threat/cve-2026-33991-cwe-89-improper-neutralization-of-s-585124c0 #OffSeq #SQLInjection #Infosec

TheHackerWire

@thehackerwire

Mar 27, 2026

🟠 CVE-2026-33991 - High (8.8) WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file `html/socio/sistema/deletar_tag.php` uses `extract($_REQUEST)` on line 14 and directly concatenates the `$id_tag` variable into SQL queries on lines 16-17 without... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33991/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack