CVE-2026-40285 | LabRedesCefetRJ WeGIA up to 3.6.9 POST Parameter UsuarioDAO.php verificarDespacho cpf_usuario sql injection (GHSA-666r-v2m7-xgp9)

A vulnerability classified as critical was found in LabRedesCefetRJ WeGIA up to 3.6.9. The impacted element is the function DespachoControle::verificarDespacho of the file dao/memorando/UsuarioDAO.php of the component POST Parameter Handler. The manipulation of the argument cpf_usuario results in sql injection.

This vulnerability is cataloged as CVE-2026-40285. The attack may be launched remotely. There is no exploit available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More