LabRedesCefetRJ WeGIA
cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*
- < 3.2.7
A SQL injection vulnerability has been identified in the WeGIA web application for charitable institutions. The issue resides in the '/html/funcionario/dependente_listar_um.php' endpoint, specifically within the 'id_dependente' parameter. This vulnerability allows attackers to execute arbitrary SQL commands, potentially compromising the database's confidentiality, integrity, and availability. The flaw arises from inadequate validation and sanitization of user inputs, enabling the injection of malicious SQL payloads that the database executes directly. This could lead to unauthorized access to sensitive information, data manipulation, operational disruptions, and even user credential compromise.
Exploitation of this vulnerability allows for blind, time-based SQL injection, where an attacker can execute SQL commands that introduce delays in the database response, indicating successful exploitation. Such SQL injection could be used to extract, manipulate, or delete database information, disrupt application functionality, or bypass authentication mechanisms.
To reproduce this vulnerability, send a request to the '/html/funcionario/dependente_listar_um.php' endpoint with a crafted 'id_dependente' parameter that includes a SQL injection payload. The payload can be designed to, for example, introduce a time delay by using a SQL command that pauses execution, such as 'SLEEP'. The server's response time can then be observed to confirm the successful execution of the injected SQL command.
Users can update to WeGIA version 3.2.8 or later to address this vulnerability.
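
To check whether the endpoint was probed before the update was applied, the following added example (not code from WeGIA or from this advisory) scans web access-log lines for requests to '/html/funcionario/dependente_listar_um.php' whose 'id_dependente' is not a plain integer, and marks those that also show a delayed response. It assumes the parameter travels in the query string, a combined log format with the request time appended as the last field, and a 3-second threshold; the names 'review', 'SAMPLE' and '_line' and all log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/html/funcionario/dependente_listar_um.php"  # path from the advisory
SLOW_SECONDS = 3.0  # assumed threshold; tune to this endpoint's normal latency

# Assumed layout: combined log format with nginx $request_time appended.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "[^"]*" (?P<rt>\d+(?:\.\d+)?)$'
)

def review(lines):
    """Flag requests to ENDPOINT whose id_dependente is not a plain integer."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skipped here, worth counting in production
        url = urlsplit(m["target"])
        if url.path != ENDPOINT:
            continue
        # parse_qs percent-decodes, so encoded values are compared in clear form.
        values = parse_qs(url.query, keep_blank_values=True).get("id_dependente", [])
        bad = [v for v in values if not re.fullmatch(r"[0-9]{1,10}", v)]
        if bad:
            findings.append({
                "ip": m["ip"],
                "value": bad[0],
                # A slow reply to a non-integer id matches the time-based pattern.
                "delayed": float(m["rt"]) >= SLOW_SECONDS,
            })
    return findings

# Constructed sample lines (documentation IP ranges), not taken from a real server.
def _line(ip, target, rt):
    return f'{ip} - - [01/Jan/2025:10:00:00 +0000] "GET {target} HTTP/1.1" 200 512 "-" "-" {rt}'

SAMPLE = [
    _line("192.0.2.10", ENDPOINT + "?id_dependente=12", "0.041"),
    _line("198.51.100.7", ENDPOINT + "?id_dependente=12%20AND%20SLEEP%285%29", "5.037"),
    _line("198.51.100.7", ENDPOINT + "?id_dependente=abc", "0.038"),
    _line("192.0.2.10", "/index.php", "0.020"),
]

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

Requests that carry the parameter in a POST body do not appear in access logs and need application or WAF logs instead.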