WeGIA SQL Injection Vulnerability in Document Deletion Endpoint

A SQL injection vulnerability has been identified in the WeGIA application, specifically in the 'deletar_documento.php' endpoint. This issue allows authorized attackers to execute arbitrary SQL queries, potentially leading to unauthorized access to sensitive information. The vulnerability arises from inadequate input validation, enabling attackers to manipulate SQL queries through the 'id_cargo' parameter. This issue affects WeGIA versions through 3.2.13 and has been patched in version 3.2.14.

Impact

Exploitation of this vulnerability allows attackers to execute arbitrary SQL queries, with potential impacts including unauthorized access to sensitive data, disruption of database integrity by dropping SQL tables, and in some cases, uploading arbitrary files.

Reproduction

To reproduce this vulnerability, send a GET request to the 'deletar_documento.php' endpoint with the 'id_cargo' parameter. Include a crafted SQL payload that exploits the application's lack of input validation, such as a SQL injection payload that uses the 'SELECT' statement with the 'SLEEP' function to demonstrate the injection.

Remediation

Users are advised to upgrade to WeGIA version 3.2.14, where this vulnerability has been addressed.