Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Untriaged

Permalink CVE-2026-33133

created 1 day, 11 hours ago

WeGIA has an arbitrary SQL execution vulnerability via crafted backup archive

WeGIA is a web manager for charitable institutions. In versions 3.6.5 and 3.6.6, the loadBackupDB() function imports SQL files from uploaded backup archives without any content validation. An attacker can craft a backup archive containing arbitrary SQL statements that create rogue administrator accounts, modify existing passwords, or execute any database operation. This was introduced in commit 370104c. This issue was patched in version 3.6.7.

References

https://github.com/LabRedesCefetRJ/WeGIA/pull/1459 x_refsource_MISC
https://github.com/LabRedesCefetRJ/WeGIA/releases/tag/3.6.7 x_refsource_MISC
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-qqff-p8fc-hg5f x_refsource_CONFIRM

Affected products

WeGIA

==>= 3.6.5, < 3.6.7

Matching in nixpkgs

pkgs.perlPackages.SnowballNorwegian

Porters stemming algorithm for norwegian

nixos-unstable 1.2
- nixpkgs-unstable 1.2
- nixos-unstable-small 1.2
nixos-25.11 1.2
- nixos-25.11-small 1.2
- nixpkgs-25.11-darwin 1.2

pkgs.perl5Packages.SnowballNorwegian

Porters stemming algorithm for norwegian

nixos-unstable 1.2
- nixpkgs-unstable 1.2
- nixos-unstable-small 1.2

pkgs.perl538Packages.SnowballNorwegian

Porters stemming algorithm for norwegian

nixos-25.11 1.2
- nixos-25.11-small 1.2
- nixpkgs-25.11-darwin 1.2

pkgs.perl540Packages.SnowballNorwegian

Porters stemming algorithm for norwegian

nixos-25.11 1.2
- nixos-25.11-small 1.2
- nixpkgs-25.11-darwin 1.2