WeGIA SQL Injection Vulnerability in Remuneracao.php

Vulnerability

A SQL injection vulnerability has been identified in WeGIA versions prior to 3.2.0. The issue resides in the 'id_funcionario' parameter of the 'remuneracao.php' file within the 'funcionario' directory. This vulnerability allows attackers to execute arbitrary SQL commands, potentially compromising the confidentiality, integrity, and availability of the application's data.

Impact

The vulnerability is exploitable as a time-based blind SQL injection: an attacker can execute SQL commands that may be used to manipulate or extract data from the database.

Reproduction

To reproduce this vulnerability, send a POST request to 'remuneracao.php' with the 'id_funcionario' parameter set to a time-based blind SQL injection payload, such as 'AND (SELECT 7525 FROM (SELECT(SLEEP(20)))PXhT)'.
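The defensive pattern for this class of bug is to accept 'id_funcionario' only as a positive integer and to bind it as a query parameter. The following is an added example, not WeGIA's code or its 3.2.0 fix: the function names and the table and column names are hypothetical, and an in-memory SQLite database (pdo_sqlite assumed available) stands in for the application's database so the script runs offline.

```php
<?php
declare(strict_types=1);

// Added example, not WeGIA source. Names below are hypothetical.

/** Return id_funcionario as a positive int, or null if it is anything else. */
function parseIdFuncionario(array $post): ?int
{
    $raw = $post['id_funcionario'] ?? null;
    if (!is_string($raw)) {
        return null; // missing, or an array such as id_funcionario[]=...
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Look up rows with the id bound as an integer, never concatenated into SQL. */
function fetchRemuneracao(PDO $db, int $idFuncionario): array
{
    $stmt = $db->prepare(
        'SELECT id, valor FROM remuneracao WHERE id_funcionario = :id'
    );
    $stmt->bindValue(':id', $idFuncionario, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data. With the MySQL driver, also consider setting
// PDO::ATTR_EMULATE_PREPARES to false so the server prepares the statement.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE remuneracao (id INTEGER PRIMARY KEY, id_funcionario INTEGER, valor REAL)');
$db->exec('INSERT INTO remuneracao (id_funcionario, valor) VALUES (1, 1500.00)');

$requests = [
    ['id_funcionario' => '1'],
    // Payload string as quoted in the Reproduction section above.
    ['id_funcionario' => 'AND (SELECT 7525 FROM (SELECT(SLEEP(20)))PXhT)'],
];
foreach ($requests as $post) {
    $id = parseIdFuncionario($post);
    if ($id === null) {
        echo "rejected: id_funcionario is not a positive integer\n";
        continue;
    }
    echo count(fetchRemuneracao($db, $id)), " row(s) for id_funcionario {$id}\n";
}
```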

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 6.0
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.