WeGIA SQL Injection Vulnerability in profile_dependente.php Endpoint

Vulnerability

A SQL Injection vulnerability has been identified in WeGIA versions prior to 3.4.6. The issue resides in the '/html/funcionario/profile_dependente.php' endpoint, specifically within the 'id_dependente' parameter. This vulnerability allows attackers to execute arbitrary SQL commands, potentially compromising the database's confidentiality, integrity, and availability.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive data such as user information and passwords, database enumeration, and, depending on the database configuration, escalation to remote code execution. When chained with other vulnerabilities, it could also result in a full compromise of the application.

Reproduction

To reproduce this vulnerability, send a request to the '/html/funcionario/profile_dependente.php' endpoint with a crafted 'id_dependente' parameter that includes a SQL injection payload. For example, using a payload that adds a time delay, such as '+AND+SLEEP(10)', can demonstrate the vulnerability by showing the delayed response from the server, indicating successful execution of the injected SQL command.

Remediation

Users can upgrade to WeGIA version 3.4.6 or later, where this vulnerability has been patched.
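
For reviewing web server access logs for the request pattern described under Reproduction, the following is an added example and is not part of WeGIA or of the original advisory. It assumes Apache/Nginx combined-format logs, that 'id_dependente' arrives in the URL query string, and that legitimate values are plain integers; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/html/funcionario/profile_dependente.php"
PARAM = "id_dependente"
# Combined log format: client ... "METHOD target HTTP/x.y" status ...
REQUEST_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')
NUMERIC_ID = re.compile(r"[0-9]{1,18}")  # assumption: ids are plain integers

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [17/Jul/2025:15:01:02 +0000] "GET /html/funcionario/profile_dependente.php?id_dependente=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [17/Jul/2025:15:02:10 +0000] "GET /html/funcionario/profile_dependente.php?id_dependente=1+AND+SLEEP(10) HTTP/1.1" 200 5120',
    '203.0.113.9 - - [17/Jul/2025:15:02:40 +0000] "GET /html/funcionario/profile_dependente.php?id_dependente=1%20AND%20SLEEP(10) HTTP/1.1" 200 5120',
    '198.51.100.7 - - [17/Jul/2025:15:03:00 +0000] "GET /html/home.php?id_dependente=x HTTP/1.1" 200 100',
]


def suspicious_requests(log_lines):
    """Return (client, status, decoded_value) for each request to the
    affected endpoint whose id_dependente is not a plain integer."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a combined-format request line
        client, target, status = match.group(1), match.group(2), int(match.group(3))
        parts = urlsplit(target)
        # endswith() tolerates installs under a sub-directory
        if not parts.path.endswith(ENDPOINT):
            continue
        # parse_qs percent-decodes values and turns '+' into a space,
        # so differently encoded forms of the same input compare equal
        values = parse_qs(parts.query, keep_blank_values=True).get(PARAM, [])
        for value in values:
            if not NUMERIC_ID.fullmatch(value):
                hits.append((client, status, value))
    return hits


if __name__ == "__main__":
    for client, status, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client} status={status} {PARAM}={value!r}")
```

Request bodies are not recorded in standard access logs, so a parameter sent via POST would need application-level or WAF logging to be reviewed the same way.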

Added: Jul 17, 2025, 3:20 PM
Updated: Jul 17, 2025, 3:20 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 4.6
remediation: 7.7
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.