CVE-2026-31896:
Critical SQL injection vulnerability in WeGIA versions prior to 3.6.6 allows authenticated attackers to execute arbitrary SQL commands.
Score
A numerical rating that indicates how dangerous this vulnerability is.
9.8Critical- Published Date:Mar 11, 2026
- CISA KEV Date:*No Data*
- Industries Affected:20
Exploitability
- Score:3.9
- Attack Vector:NETWORK
- Attack Complexity:LOW
- Privileges Required:NONE
- User Interaction:NONE
- Scope:UNCHANGED
Impact
- Score:5.9
- Confidentiality Impact:HIGH
- Integrity Impact:HIGH
- Availability Impact:HIGH
Description Preview
Critical SQL injection vulnerability in WeGIA versions prior to 3.6.6 allows authenticated attackers to execute arbitrary SQL commands.
Overview
The vulnerability in WeGIA is classified as critical with a CVSS v3.1 base score of 9.8. It allows network-based attacks with low complexity and requires no user interaction. The impact on confidentiality, integrity, and availability is high. The weakness is categorized as CWE-89, which refers to SQL injection. This vulnerability highlights the dangers of improper input handling and direct use of user-supplied data in SQL queries, emphasizing the need for proper input validation and parameterized queries in web applications.
Remediation
- To address this vulnerability, users of WeGIA should immediately upgrade to version 3.6.6 or later. The fix implemented in this version likely includes proper input validation and the use of parameterized queries to prevent SQL injection attacks. In addition to upgrading, it is recommended that administrators review their application's security posture, implement strong authentication mechanisms, and consider using web application firewalls as an additional layer of protection against SQL injection attempts.
References
Industries Affected
Below is a list of industries most commonly impacted or potentially at risk based on intelligence.
