WeGIA SQL Injection Vulnerability in Permission Deletion Endpoint

A SQL injection vulnerability has been identified in the WeGIA application, specifically in the 'deletar_permissao.php' endpoint. This vulnerability allows authorized attackers to execute arbitrary SQL queries, potentially leading to unauthorized access to or deletion of sensitive information. The issue arises from a lack of input validation, which enables manipulation of SQL queries through the 'id_cargo', 'id_acao', and 'id_recurso' parameters. The vulnerability affects WeGIA versions through 3.2.11 and has been patched in version 3.2.12.

Impact

Exploitation of this vulnerability allows for arbitrary SQL execution, which could be used to access or delete sensitive information. Additionally, according to the WeGIA advisory, this vulnerability could lead to a denial-of-service condition by dropping SQL tables, and under certain circumstances, allow attackers to upload arbitrary files.

Reproduction

The vulnerability can be reproduced by sending a GET request to the 'deletar_permissao.php' endpoint with crafted 'id_cargo', 'id_acao', and 'id_recurso' parameters that exploit the SQL injection flaw. This can be done using curl, including a session cookie to simulate an authenticated user.

Remediation

Users are advised to upgrade to WeGIA version 3.2.12.