CVE-2026-28411

WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, an unsafe use of the `extract()` function on the `$_REQUEST` superglobal allows an unauthenticated attacker to overwrite local variables in multiple PHP scripts. This vulnerability can be leveraged to completely bypass authentication checks, allowing unauthorized access to administrative and protected areas of the WeGIA application. Version 3.6.5 fixes the issue.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-g7r9-hxc8-8vh7	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-02-27 22:16

Updated : 2026-03-03 17:56

NVD link : CVE-2026-28411

Mitre link : CVE-2026-28411

CVE.ORG link : CVE-2026-28411

JSON object : View

Products Affected

wegia

wegia

CWE

CWE-288

Authentication Bypass Using an Alternate Path or Channel

CWE-473

PHP External Variable Modification

{"id": "CVE-2026-28411", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2026-02-27T22:16:24.170", "references": [{"url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-g7r9-hxc8-8vh7", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-288"}, {"lang": "en", "value": "CWE-473"}]}], "descriptions": [{"lang": "en", "value": "WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, an unsafe use of the `extract()` function on the `$_REQUEST` superglobal allows an unauthenticated attacker to overwrite local variables in multiple PHP scripts. This vulnerability can be leveraged to completely bypass authentication checks, allowing unauthorized access to administrative and protected areas of the WeGIA application. Version 3.6.5 fixes the issue."}, {"lang": "es", "value": "WeGIA es un gestor web para instituciones ben\u00e9ficas. Antes de la versi\u00f3n 3.6.5, un uso inseguro de la funci\u00f3n 'extract()' en la superglobal '$_REQUEST' permite a un atacante no autenticado sobrescribir variables locales en m\u00faltiples scripts PHP. Esta vulnerabilidad puede ser explotada para eludir completamente las comprobaciones de autenticaci\u00f3n, permitiendo el acceso no autorizado a \u00e1reas protegidas y de administraci\u00f3n de la aplicaci\u00f3n WeGIA. La versi\u00f3n 3.6.5 corrige el problema."}], "lastModified": "2026-03-03T17:56:18.417", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17C16038-DA4A-4219-AC79-57CD78C1A5C9", "versionEndExcluding": "3.6.5"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}