Description
WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, atendido/familiar_docfamiliar.php displays an overly descriptive error message, including database-related details. This verbosity leads to information disclosure, which could assist a potential attacker in mapping the backend infrastructure and expanding the attack surface. This vulnerability is fixed in 3.7.0.
Published: 2026-05-11
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In versions of WeGIA before 3.7.0 the file atendido/familiar_docfamiliar.php presents an overly verbose error message that contains database details. This excessive disclosure can reveal internal database structure and configuration, assisting an attacker in mapping the backend and expanding the attack surface. The flaw is identified as a classic information‑disclosure weakness under CWE‑200, affecting confidentiality rather than direct code execution or denial of service.

Affected Systems

The vulnerability applies to all installations of the WeGIA web manager produced by LabRedesCefetRJ running any version earlier than 3.7.0. No finer version granularity is supplied beyond the major release cutoff.

Risk and Exploitability

The CVSS score of 6.9 points to a moderate-severity issue. As the EPSS score is not available, the likelihood of exploitation is not quantified. The vulnerability is not listed in the CISA KEV catalog, indicating no widespread exploitation to date. The likely attack vector is a web request to the /atendido/familiar_docfamiliar.php endpoint, potentially sent without authentication, which would trigger the verbose error output. The disclosed database information aids further reconnaissance but does not directly lead to code execution or system compromise.

Generated by OpenCVE AI on May 11, 2026 at 20:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade WeGIA to version 3.7.0 or later, which removes the verbose error output.
  • If upgrading immediately is not possible, configure the application or web server to suppress detailed error messages so that database details are not displayed to end users.
  • Monitor application logs and error output for any accidental disclosure of internal data after the configuration change.
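A check for the monitoring step in the last bullet, as an added example that is not part of this page or of WeGIA's code: it scans response bodies captured from your own deployment for database error text. The signature patterns are generic PHP/MySQL formats and the sample bodies are constructed; neither is WeGIA's actual error output.

```python
import re

# Generic signatures of PHP/MySQL error text (assumed; not WeGIA's exact output).
LEAK_PATTERNS = {
    "sqlstate": re.compile(r"SQLSTATE\[[0-9A-Z]{5}\]"),
    "db_exception": re.compile(r"\b(?:PDOException|mysqli_sql_exception)\b"),
    "schema_name": re.compile(r"(?:Table|Unknown column|Unknown database) '[^']+'"),
    "sql_syntax": re.compile(r"error in your SQL syntax", re.IGNORECASE),
    "server_path": re.compile(r"\bin /[\w./-]+\.php(?: on line |:)\d+"),
}


def scan_body(body):
    """Return the sorted names of leak signatures found in one response body."""
    return sorted(name for name, rx in LEAK_PATTERNS.items() if rx.search(body))


def audit(responses):
    """Map each response label to its findings; clean responses are omitted."""
    report = {}
    for label, body in responses:
        findings = scan_body(body)
        if findings:
            report[label] = findings
    return report


# Constructed sample bodies: the first mimics a verbose database error, the
# second a generic message as expected after upgrading or suppressing errors.
SAMPLE_RESPONSES = [
    ("verbose (constructed)",
     "Fatal error: Uncaught PDOException: SQLSTATE[42S02]: Base table or view "
     "not found: 1146 Table 'exampledb.example_table' doesn't exist "
     "in /var/www/example/handler.php:27"),
    ("generic (constructed)",
     "<p>An internal error occurred. Please contact the administrator.</p>"),
]

if __name__ == "__main__":
    for label, findings in audit(SAMPLE_RESPONSES).items():
        print(f"LEAK {label}: {', '.join(findings)}")
```

Any finding after the configuration change means error details are still reaching the client and the suppression setting is not taking effect for that request path.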



Advisories

No advisories yet.

History

Mon, 11 May 2026 20:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Labredescefetrj; Labredescefetrj wegia
Vendors & Products | | Labredescefetrj; Labredescefetrj wegia

Mon, 11 May 2026 18:45:00 +0000

Type | Values Removed | Values Added
Description | | WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, atendido/familiar_docfamiliar.php displays an overly descriptive error message, including database-related details. This verbosity leads to information disclosure, which could assist a potential attacker in mapping the backend infrastructure and expanding the attack surface. This vulnerability is fixed in 3.7.0.
Title | | WeGIA: Error Handling familiar_docfamiliar
Weaknesses | | CWE-200
References | |
Metrics | | cvssV4_0 {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-11T18:31:37.500Z

Reserved: 2026-04-30T18:49:06.711Z

Link: CVE-2026-42871

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-11T19:16:24.817

Modified: 2026-05-11T19:16:24.817

Link: CVE-2026-42871

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-11T20:30:16Z

Weaknesses