WeGIA SQL Injection Vulnerability in remover_produto.php Endpoint

A SQL injection vulnerability has been identified in the WeGIA application, specifically in the remover_produto.php endpoint. This issue allows attackers to execute arbitrary SQL queries, potentially leading to unauthorized access to sensitive information. The vulnerability arises from inadequate input validation, enabling SQL injection attacks even for users not logged in. The problem has been addressed in version 3.2.13, and users are advised to upgrade.

Impact

Exploitation of this vulnerability allows attackers to execute arbitrary SQL queries, with potential impacts including unauthorized access to sensitive information, disruption of database integrity by dropping SQL tables, and in some cases, uploading arbitrary files.

Reproduction

The vulnerability can be reproduced by sending a GET request to the remover_produto.php endpoint with a crafted id_produto parameter that includes SQL injection payloads. For example, a payload could be used that exploits the SQL query execution by, such as, using the SQL sleep function to introduce a delay, demonstrating the injection of arbitrary SQL code.

Remediation

Users are advised to upgrade to WeGIA version 3.2.13 or later.