WeGIA SQL Injection Vulnerability in control.php Endpoint

A SQL injection vulnerability has been identified in WeGIA versions prior to 3.4.2. The issue resides in the 'id' parameter of the '/WeGIA/controle/control.php' endpoint. This vulnerability allows attackers to manipulate SQL queries, potentially accessing sensitive database information such as table names and other confidential data. The vulnerability can be exploited by sending a crafted request to the endpoint with a malicious payload in the 'id' parameter.

Impact

Exploitation of this vulnerability allows unauthorized access to sensitive database information, including the potential to enumerate database schemas, tables, users, and versions. Additionally, depending on the database configuration, this vulnerability could be escalated to remote code execution. Overall, this vulnerability could lead to a full compromise of the application, especially if chained with other vulnerabilities.

Reproduction

To reproduce this vulnerability, send a GET request to the '/WeGIA/controle/control.php' endpoint. Include the 'nomeClasse' parameter set to 'MedicamentoControle', the 'metodo' parameter set to 'adicionarMedicamento', and the 'modulo' parameter set to 'pet'. In the 'id' parameter, insert a payload that exploits the SQL injection vulnerability. The 'nomeMedicamento', 'aplicacaoMedicamento', and 'descricaoMedicamento' parameters can be filled with arbitrary values. After sending the request, the SQL injection can be exploited using a tool like sqlmap, targeting the 'id' parameter.

Remediation

Users can update to WeGIA version 3.4.2 or later, where this vulnerability has been patched.