WeGIA SQL Injection Vulnerability in get_detalhes_socio.php Endpoint

A SQL injection vulnerability has been identified in the WeGIA application, specifically in the 'get_detalhes_socio.php' endpoint. This issue allows authorized attackers to execute arbitrary SQL queries, potentially leading to unauthorized access to or deletion of sensitive information. The vulnerability arises from inadequate input validation, enabling attackers to manipulate SQL queries and exploit the application's database. This issue affects WeGIA versions through 3.2.11 and has been patched in version 3.2.12.

Impact

Exploitation of this vulnerability allows attackers to execute arbitrary SQL queries, with potential impacts including unauthorized access to sensitive information, deletion of SQL tables, and in some cases, uploading of arbitrary files.

Reproduction

To reproduce this vulnerability, send a GET request to the 'get_detalhes_socio.php' endpoint with the 'id_socio' parameter. Include a crafted SQL injection payload that exploits the lack of input validation. For example, use a payload that adds a SQL injection payload to the 'id_socio' parameter, such as '999 AND (SELECT 299 FROM (SELECT(SLEEP(5)))a)'. This payload demonstrates the injection by causing a delay in the response, indicating that the SQL injection was successful.

Remediation

Users are advised to upgrade to WeGIA version 3.2.12, where this vulnerability has been addressed.