WeGIA Unauthenticated SQL Injection Vulnerability in get_socios.php Endpoint

A critical unauthenticated SQL injection vulnerability has been identified in WeGIA versions prior to 3.3.0. The issue resides in the endpoint '/html/socio/sistema/get_socios.php', where user-supplied SQL input via the POST parameter 'query' is executed without proper validation. This vulnerability allows attackers to inject and execute arbitrary SQL statements, potentially leading to data exfiltration, authentication bypass, or a complete database compromise.

Impact

Exploitation of this vulnerability allows for the injection and execution of arbitrary SQL queries, which could be used to exfiltrate data, bypass authentication mechanisms, or compromise the entire database.

Reproduction

To reproduce this vulnerability, send a POST request to the '/html/socio/sistema/get_socios.php' endpoint with a crafted SQL query in the 'query' parameter. The injected SQL will be executed against the application's database, allowing for data extraction or manipulation.

Remediation

Users can upgrade to WeGIA version 3.3.1 or later, where this vulnerability has been fixed.