WeGIA SQL Injection Vulnerability in 'adicionar_almoxarife.php' Endpoint

A SQL injection vulnerability has been identified in the WeGIA application, specifically in versions through 3.2.11. The issue resides in the 'adicionar_almoxarife.php' endpoint, where user input is not properly validated. This flaw allows attackers to execute arbitrary SQL queries, potentially leading to unauthorized access to sensitive information. The vulnerability can also be exploited to disrupt database operations, such as dropping SQL tables, or in some cases, uploading arbitrary files.

Impact

Exploitation of this vulnerability allows attackers to execute arbitrary SQL queries, with potential impacts including unauthorized access to sensitive information, disruption of database operations, and in some conditions, the ability to upload arbitrary files.

Reproduction

To reproduce this vulnerability, send a GET request to the 'adicionar_almoxarife.php' endpoint with the 'id_funcionario' and 'id_almoxarifado' parameters. The request can include a crafted SQL payload that exploits the lack of input validation, such as using a SQL injection technique that delays the response, indicating successful exploitation.

Remediation

Users are advised to upgrade to WeGIA version 3.2.13 or later.