WeGIA SQL Injection Vulnerability in Control.php Endpoint

A SQL injection vulnerability has been identified in WeGIA versions prior to 3.2.6. The issue arises in the nextPage parameter of the /WeGIA/controle/control.php endpoint, allowing attackers to manipulate SQL queries and access sensitive database information, including table names and personal data. Exploitation of this vulnerability could lead to unauthorized database access and data manipulation.

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive database information, including personal data and table details. Additionally, it could allow attackers to manipulate or delete database records, potentially causing system downtime.

Reproduction

To reproduce this vulnerability, send a request to the /WeGIA/controle/control.php endpoint with the metodo parameter set to 'listarUm', the nomeClasse parameter set to 'SaudeControle', and the nextPage parameter containing a crafted payload that exploits the SQL injection vulnerability. The request can include a cookie with session information to bypass any authentication requirements.

Remediation

Users are advised to update WeGIA to version 3.2.6 or later, where this vulnerability has been fixed.