CVE-2026-33991 in LabRedesCefetRJ WeGIAinfo

Summary

WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file `html/socio/sistema/deletar_tag.php` uses `extract($_REQUEST)` on line 14 and directly concatenates the `$id_tag` variable into SQL queries on lines 16-17 without prepared statements or sanitization. Version 3.6.7 patches the vulnerability.

Responsible

GitHub_M

Reservation

03/24/2026

Disclosure

03/28/2026

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
354062	LabRedesCefetRJ WeGIA deletar_tag.php deletar_tag sql injection	89	Not defined	Official fix	CVE-2026-33991

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

◂ PreviousOverviewNext ▸

Want to know what is going to be exploited?

We predict KEV entries!