WeGIA SQL Injection Vulnerability in informacao_adicional.php Endpoint

A SQL injection vulnerability has been identified in the WeGIA application, specifically in the 'informacao_adicional.php' endpoint. This vulnerability allows attackers to execute arbitrary SQL queries, potentially leading to unauthorized access to sensitive information. The issue arises from a lack of input validation, which enables SQL injection attacks even for users not logged into the application.

Impact

Exploitation of this vulnerability allows attackers to execute arbitrary SQL queries, with potential impacts including unauthorized access to sensitive information, disruption of database services, and in some cases, uploading arbitrary files.

Reproduction

To reproduce this vulnerability, send a GET request to the 'informacao_adicional.php' endpoint with the 'action' parameter set to 'remover' and the 'id_descricao' parameter crafted to include SQL injection payloads. For example, append a payload that uses SQL injection techniques, such as a UNION SELECT statement or a subquery that exploits the application's SQL query handling.

Remediation

Users are advised to upgrade to WeGIA version 3.2.13, where this vulnerability has been addressed.