WeGIA SQL Injection Vulnerability in dependente_editarInfoPessoal.php Endpoint

A SQL Injection vulnerability has been identified in WeGIA versions prior to 3.4.6. The issue resides in the 'idatendido_familiares' parameter of the '/html/funcionario/dependente_editarInfoPessoal.php' endpoint. This vulnerability allows attackers to manipulate SQL queries, potentially accessing sensitive database information such as table names and personal data.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive database information, including personal data and database structure details. Additionally, it could allow for escalation to remote code execution, depending on the database configuration.

Reproduction

To reproduce this vulnerability, send a POST request to the '/html/funcionario/dependente_editarInfoPessoal.php' endpoint with the 'idatendido_familiares' parameter. Include a payload that exploits the SQL injection vulnerability, such as a time-based blind SQL injection payload. The request should be made without authentication, as the endpoint is publicly accessible.

Remediation

Users can upgrade to WeGIA version 3.4.6 or later to address this vulnerability.