WeGIA SQL Injection Vulnerability in salvar_cargo.php Endpoint

A SQL injection vulnerability has been identified in the WeGIA application, specifically in the salvar_cargo.php endpoint. This issue allows authorized attackers to execute arbitrary SQL queries, potentially leading to unauthorized access or deletion of sensitive information. The vulnerability arises from inadequate input validation, enabling attackers to manipulate SQL queries through the id_cargo parameter. This issue affects WeGIA versions through 3.2.11 and has been patched in version 3.2.12.

Impact

Exploitation of this vulnerability allows for arbitrary SQL execution, which could be used to access or delete sensitive data. Additionally, according to the WeGIA advisory, this vulnerability could lead to a denial-of-service condition by dropping SQL tables or, under certain circumstances, allow attackers to upload arbitrary files.

Reproduction

To reproduce this vulnerability, send a GET request to the WeGIA salvar_cargo.php endpoint with a crafted id_cargo parameter that includes SQL injection payloads. The request must include a valid PHP session cookie to authenticate the user.

Remediation

Users are advised to upgrade to WeGIA version 3.2.12.