CVE-2026-23723 is a high-severity SQL Injection vulnerability identified in the WeGIA web management platform developed by LabRedesCefetRJ, primarily used by charitable institutions. The vulnerability exists in versions prior to 3.6.2 within the Atendido_ocorrenciaControle endpoint, specifically through the id_memorando parameter. This parameter is improperly sanitized, allowing authenticated users to inject malicious SQL commands. Exploitation enables attackers to perform full database exfiltration, exposing sensitive PII such as donor information, beneficiary data, and internal records. Additionally, in environments where the server is misconfigured, attackers may leverage this flaw to read arbitrary files, potentially escalating the impact beyond data theft to system compromise. The vulnerability requires authentication but no user interaction, and the attack vector is network-based with low attack complexity. The CVSS 3.1 vector (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) reflects high impact on confidentiality, integrity, and availability. Although no active exploits have been reported, the vulnerability poses a significant risk to organizations relying on WeGIA. The vendor has addressed the issue in version 3.6.2, and upgrading is strongly recommended.

For European organizations, the impact of this vulnerability is substantial. Charitable institutions often handle sensitive personal data, including donor identities, financial contributions, and beneficiary information, all of which are protected under GDPR. Exploitation could lead to large-scale data breaches, resulting in regulatory penalties, reputational damage, and loss of stakeholder trust. The ability to exfiltrate entire databases threatens confidentiality, while arbitrary file reads could compromise system integrity and availability if attackers gain further footholds. Given the authenticated nature of the vulnerability, insider threats or compromised credentials could be leveraged to exploit this flaw. The disruption of charitable operations could also affect service delivery to vulnerable populations. Therefore, the threat extends beyond data loss to operational and compliance risks within the European context.

European organizations using WeGIA should immediately upgrade to version 3.6.2 or later to remediate the vulnerability. Until patching is complete, implement strict access controls to limit authenticated user privileges, especially restricting access to the Atendido_ocorrenciaControle endpoint. Employ web application firewalls (WAFs) with custom rules to detect and block suspicious SQL injection patterns targeting the id_memorando parameter. Conduct thorough credential audits and enforce multi-factor authentication (MFA) to reduce the risk of compromised accounts. Regularly monitor logs for anomalous database queries or unusual file access attempts. Additionally, review server configurations to eliminate misconfigurations that could allow arbitrary file reads. Implement network segmentation to isolate critical databases and sensitive systems from general user access. Finally, conduct security awareness training focused on credential security and insider threat detection.