WeGIA SQL Injection Vulnerability in salvar_tag.php Endpoint

A SQL injection vulnerability has been identified in the WeGIA application, specifically in the salvar_tag.php endpoint. This issue allows authorized attackers to execute arbitrary SQL queries, potentially leading to unauthorized access to or deletion of sensitive information. The vulnerability arises from inadequate input validation, enabling attackers to manipulate SQL queries through the id_tag parameter. This issue affects WeGIA versions through 3.2.11 and has been patched in version 3.2.12.

Impact

Exploitation of this vulnerability allows for arbitrary SQL execution, which could be used to access or delete sensitive information. Additionally, according to the WeGIA advisory, this vulnerability could lead to a denial-of-service condition by dropping SQL tables, and under certain circumstances, it might allow attackers to upload arbitrary files.

Reproduction

To reproduce this vulnerability, send a GET request to the salvar_tag.php endpoint with a crafted id_tag parameter that includes SQL injection payloads. The injected SQL can be used to manipulate the database, such as by using the SQL sleep function to create a time-based blind SQL injection effect.

Remediation

Users are advised to upgrade to WeGIA version 3.2.12.