WeGIA SQL Injection Vulnerability in familiar_docfamiliar.php Endpoint

A SQL injection vulnerability has been identified in the WeGIA application, specifically in the familiar_docfamiliar.php endpoint. This vulnerability allows attackers to execute arbitrary SQL queries, potentially leading to unauthorized access to sensitive information. The issue arises from a lack of input validation for the id_dependente and id_doc parameters, enabling SQL injection attacks even for users not logged in. The vulnerability affects WeGIA versions through 3.2.11 and has been patched in version 3.2.13.

Impact

Exploitation of this vulnerability allows attackers to execute arbitrary SQL queries, with potential impacts including unauthorized access to sensitive information, disruption of database integrity by deleting SQL tables, and in some cases, uploading arbitrary files.

Reproduction

The vulnerability can be reproduced by sending a POST request to the familiar_docfamiliar.php endpoint with crafted SQL payloads in the id_dependente and id_doc parameters. For example, including a payload that uses the SQL 'SLEEP' function can demonstrate the injection by causing a delay in the response.

Remediation

Users are advised to upgrade to WeGIA version 3.2.13 or later.