WeGIA SQL Injection Vulnerability in Profile_Atendido.php Endpoint

A SQL injection vulnerability has been identified in WeGIA versions prior to 3.4.6. The issue resides in the '/html/atendido/Profile_Atendido.php' endpoint, specifically within the 'idatendido' parameter. This vulnerability allows authorized attackers to execute arbitrary SQL queries, potentially leading to unauthorized access to sensitive information. Exploitation of this vulnerability could also cause a denial-of-service condition by using time-delay queries.

Impact

Successful exploitation allows for arbitrary SQL query execution, which could lead to unauthorized data access, database compromise, and potential denial-of-service conditions through time-delay queries.

Reproduction

To reproduce this vulnerability, send a GET request to the '/html/atendido/Profile_Atendido.php' endpoint with a crafted 'idatendido' parameter that includes a SQL injection payload, such as a subquery that uses the 'sleep' function to introduce a time delay. This demonstrates the vulnerability by exploiting the application's SQL query handling and confirming the injection's success through the delayed response.

Remediation

Users can upgrade to WeGIA version 3.4.6 or later, where this vulnerability has been addressed.