WeGIA SQL Injection Vulnerability in adicionar_cor.php Endpoint Allows Database Access

A SQL injection vulnerability has been identified in the WeGIA application, specifically within the adicionar_cor.php endpoint. This flaw allows attackers to execute arbitrary SQL commands, leading to unauthorized access to sensitive information. Exploitation of this vulnerability enabled a complete dump of the application's database, underscoring its severity. The issue arises because the application fails to properly validate or sanitize the 'cor' parameter, allowing direct manipulation of SQL queries. This vulnerability affects WeGIA versions prior to 3.2.9.

Impact

Exploitation of this vulnerability allows for unauthorized access to sensitive data, including credentials and personal information. It also enables data exfiltration by dumping entire database tables, potentially compromising user accounts and causing reputational damage to the organization.

Reproduction

The vulnerability can be reproduced by sending a POST request to the adicionar_cor.php endpoint with a crafted 'cor' parameter that includes SQL injection payloads. The absence of proper input sanitization allows these payloads to be executed by the database, facilitating unauthorized data access.

Remediation

Users can update to WeGIA version 3.2.10 or later to address this vulnerability.