CVE-2026-28411 - WeGIA Vulnerable to Authentication Bypass via `extract($_REQUEST)`

CVE ID : CVE-2026-28411 Published : Feb. 27, 2026, 10:16 p.m. | 1 hour, 22 minutes ago Description : WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, an unsafe use of the `extract()` function on the `$_REQUEST` superglobal allows an unauthenticated attacker to overwrite local variables in multiple PHP scripts. This vulnerability can be leveraged to completely bypass authentication checks, allowing unauthorized access to administrative and protected areas of the WeGIA application. Version 3.6.5 fixes the issue. Severity: 9.8 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...