WeGIA Time-Based Blind SQL Injection Vulnerability in Unauthenticated Access

A time-based blind SQL injection vulnerability has been identified in WeGIA version 3.3.3. The issue resides in the almox parameter of the /controle/getProdutosPorAlmox.php endpoint. This vulnerability allows any unauthenticated attacker to inject arbitrary SQL queries, which could lead to unauthorized data access or further exploitation, depending on the database configuration.

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive data such as user information, passwords, and logs. It also allows for database enumeration, including schemas, tables, users, and database versions. Depending on the database configuration, this vulnerability could be escalated to remote code execution. Additionally, if chained with other vulnerabilities, it could lead to a full compromise of the application.

Reproduction

The vulnerability can be reproduced by sending a request to the /controle/getProdutosPorAlmox.php endpoint with a crafted SQL payload in the almox parameter. The injection can be confirmed by using time-based inference, such as the SLEEP() function, to demonstrate that the SQL payload was executed by the database.

Remediation

Users can upgrade to WeGIA version 3.4.0 to address this vulnerability.