Volerion logoVolerion
Volerion logoVolerion

WeGIA SQL Injection Vulnerability in dependente_docdependente.php Endpoint

Vulnerability

A SQL injection vulnerability has been identified in the WeGIA application, specifically in the dependente_docdependente.php endpoint. This issue allows attackers to execute arbitrary SQL queries, potentially leading to unauthorized access to sensitive information. The vulnerability arises from inadequate input validation, enabling SQL injection attacks even for users not logged into the application.

Impact

Exploitation of this vulnerability allows attackers to execute arbitrary SQL queries, with potential impacts including unauthorized access to sensitive information, disruption of database integrity by deleting SQL tables, and in some cases, uploading arbitrary files.

Reproduction

The vulnerability can be reproduced by sending a POST request to the dependente_docdependente.php endpoint with crafted SQL injection payloads in the id_dependente and id_doc parameters. The action parameter should be set to 'excluir' to trigger the vulnerable SQL query execution.

Remediation

Users are advised to upgrade to WeGIA version 3.2.13, where this vulnerability has been addressed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread
0.0
impact
7.5
exploitability
6.0
remediation
7.7
relevance
0.0
threat
6.4
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.