Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2026-23723

7.2 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): HIGH
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 3 months ago

WeGIA has a Critical SQL Injection in Atendido_ocorrenciaControle via id_memorando parameter

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an authenticated SQL Injection vulnerability was identified in the Atendido_ocorrenciaControle endpoint via the id_memorando parameter. This flaw allows for full database exfiltration, exposure of sensitive PII, and potential arbitrary file reads in misconfigured environments. This vulnerability is fixed in 3.6.2.

References

https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-xfmp-2hf9-gfjp x_refsource_CONFIRM
https://github.com/LabRedesCefetRJ/WeGIA/pull/1333 x_refsource_MISC
https://github.com/LabRedesCefetRJ/WeGIA/releases/tag/3.6.2 x_refsource_MISC

Affected products

WeGIA

==< 3.6.2

Matching in nixpkgs

pkgs.perlPackages.SnowballNorwegian

Porters stemming algorithm for norwegian

nixos-unstable 1.2
- nixpkgs-unstable 1.2
- nixos-unstable-small 1.2
nixos-25.11 1.2
- nixpkgs-25.11-darwin 1.2

pkgs.perl538Packages.SnowballNorwegian

Porters stemming algorithm for norwegian

nixos-unstable 1.2
- nixpkgs-unstable 1.2
- nixos-unstable-small 1.2
nixos-25.11 1.2
- nixpkgs-25.11-darwin 1.2

pkgs.perl540Packages.SnowballNorwegian

Porters stemming algorithm for norwegian

nixos-unstable 1.2
- nixpkgs-unstable 1.2
- nixos-unstable-small 1.2