6 matches found
CVE-2026-28411 WeGIA Vulnerable to Authentication Bypass via `extract($_REQUEST)`
WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, an unsafe use of the extract function on the $_REQUEST superglobal allows an unauthenticated attacker to overwrite local variables in multiple PHP scripts. This vulnerability can be leveraged to completely bypass...
EUVD-2026-9081
WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, an unsafe use of the extract function on the $_REQUEST superglobal allows an unauthenticated attacker to overwrite local variables in multiple PHP scripts. This vulnerability can be leveraged to completely bypass...
PT-2026-22413
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.6.5. Description: WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, an unsafe use of the extract function on the $_REQUEST superglobal allows an unauthenticated attacker to overwrite local...
CVE-2016-3187
The Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the REQUEST superglobal array, and consequently have unspecified impact, via a base64-encoded pp parameter...
Cross-site request forgery (CSRF)
WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote attackers to conduct delayed and persistent cross-site request forgery (CSRF) attacks via crafted cookies, as demonstrated by attacks that (1) delete user accounts or (2) cause a...
CVE-2008-5113
CVE-2008-5113 affects WordPress 2.6.3, where reliance on the REQUEST superglobal in certain dangerous situations enables remote attackers to perform delayed, persistent CSRF via crafted cookies, potentially deleting user accounts or causing denial of service. The description notes an independent ...