CVE-2026-23723 is an authenticated SQL Injection vulnerability classified under CWE-89, found in the WeGIA web management platform for charitable institutions developed by LabRedesCefetRJ. The vulnerability exists in the Atendido_ocorrenciaControle endpoint, specifically through the id_memorando parameter, which fails to properly neutralize special SQL elements. This improper input sanitization allows an authenticated attacker to inject malicious SQL commands, enabling full database exfiltration. Sensitive data, including personally identifiable information (PII), can be exposed, posing significant privacy and compliance risks. Additionally, in environments where the system is misconfigured, attackers may leverage this flaw to perform arbitrary file reads, potentially escalating the attack to compromise system integrity or gain further access. The vulnerability requires an attacker to have authenticated access with high privileges, but no user interaction is needed beyond that. The CVSS v3.1 score of 7.2 reflects the high impact on confidentiality, integrity, and availability, combined with the ease of network exploitation and low attack complexity. The issue was addressed and fixed in WeGIA version 3.6.2, and users of earlier versions are strongly advised to upgrade. No public exploits have been reported yet, but the potential damage warrants immediate attention.

For European organizations, especially charitable institutions using WeGIA, this vulnerability poses a severe risk of data breaches involving sensitive personal data, which could lead to violations of GDPR and other privacy regulations. Exposure of PII can result in legal penalties, reputational damage, and loss of donor trust. The ability to exfiltrate entire databases threatens operational continuity and data integrity. Furthermore, arbitrary file read capabilities in misconfigured environments could allow attackers to access system files, potentially leading to further compromise or lateral movement within networks. Given the nature of charitable organizations, which often handle sensitive beneficiary and donor information, the impact on confidentiality and compliance is critical. The requirement for authenticated access somewhat limits the attack surface but does not eliminate risk, as insider threats or compromised credentials could be exploited. The vulnerability's network accessibility means remote attackers can exploit it without physical access, increasing the threat scope.

European organizations using WeGIA should immediately upgrade to version 3.6.2 or later, where the vulnerability is patched. Until the upgrade is applied, restrict access to the Atendido_ocorrenciaControle endpoint to only trusted and necessary users, and enforce strict authentication and authorization controls to minimize the risk of credential compromise. Implement robust monitoring and logging of database queries and application logs to detect unusual or suspicious activity indicative of SQL injection attempts. Conduct regular security audits and penetration testing focusing on input validation and access controls. Additionally, review and harden server and application configurations to prevent arbitrary file read vulnerabilities, including proper file system permissions and disabling unnecessary services. Employ Web Application Firewalls (WAFs) with rules targeting SQL injection patterns as a temporary protective measure. Educate staff about credential security and the risks of phishing to reduce the likelihood of attacker access via compromised accounts.