WeGIA SQL Injection Vulnerability in Dependente Remover Endpoint

A SQL Injection vulnerability exists in WeGIA versions prior to 3.4.8, specifically in the '/html/funcionario/dependente_remover.php' endpoint. The issue arises from improper validation and sanitization of the 'id_dependente' parameter, allowing attackers to inject and execute arbitrary SQL commands. This exploitation could lead to unauthorized access to sensitive database information, data manipulation, and operational disruptions.

Impact

Exploitation of this vulnerability allows for unauthorized execution of SQL commands, potentially leading to unauthorized access to sensitive data, manipulation of database information, and operational disruptions. Additionally, according to the advisory, this vulnerability could be escalated to remote code execution depending on the database configuration.

Reproduction

To reproduce this vulnerability, send a POST request to the '/html/funcionario/dependente_remover.php' endpoint with an 'id_dependente' parameter that includes a SQL injection payload, such as '0 or sleep(5)'. The injected SQL command will be executed by the database, demonstrating the vulnerability by introducing a delay in the server response.

Remediation

Users can update to WeGIA version 3.4.8 or later, where this vulnerability has been patched.