{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-12T04:24:46.635","vulnerabilities":[{"cve":{"id":"CVE-2026-28411","sourceIdentifier":"security-advisories@github.com","published":"2026-02-27T22:16:24.170","lastModified":"2026-03-03T17:56:18.417","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, an unsafe use of the `extract()` function on the `$_REQUEST` superglobal allows an unauthenticated attacker to overwrite local variables in multiple PHP scripts. This vulnerability can be leveraged to completely bypass authentication checks, allowing unauthorized access to administrative and protected areas of the WeGIA application. Version 3.6.5 fixes the issue."},{"lang":"es","value":"WeGIA es un gestor web para instituciones benéficas. Antes de la versión 3.6.5, un uso inseguro de la función 'extract()' en la superglobal '$_REQUEST' permite a un atacante no autenticado sobrescribir variables locales en múltiples scripts PHP. Esta vulnerabilidad puede ser explotada para eludir completamente las comprobaciones de autenticación, permitiendo el acceso no autorizado a áreas protegidas y de administración de la aplicación WeGIA. La versión 3.6.5 corrige el problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-288"},{"lang":"en","value":"CWE-473"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:*","versionEndExcluding":"3.6.5","matchCriteriaId":"17C16038-DA4A-4219-AC79-57CD78C1A5C9"}]}]}],"references":[{"url":"https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-g7r9-hxc8-8vh7","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}