WeGIA SQL Injection Vulnerability in Medication Application Endpoint

Vulnerability

A SQL injection vulnerability has been identified in the WeGIA web application, specifically in versions prior to 3.4.8. The issue resides in the '/html/saude/aplicar_medicamento.php' endpoint, within the 'id_fichamedica' parameter. This vulnerability allows attackers to execute arbitrary SQL commands, potentially compromising the database's confidentiality, integrity, and availability. The vulnerability arises from inadequate input validation and sanitization, enabling the injection of malicious SQL payloads that are executed directly by the database.

Impact

Exploitation of this vulnerability allows for unauthorized execution of SQL commands, which could lead to unauthorized access to or manipulation of database information. According to the advisory, this vulnerability could be chained with others for a full application compromise.

Reproduction

To reproduce this vulnerability, send a GET request to the '/html/saude/aplicar_medicamento.php' endpoint with a crafted 'id_fichamedica' parameter that includes SQL injection payloads. For example, using '1+AND+SLEEP(10)' as the payload would demonstrate the vulnerability by introducing a time delay, indicating successful execution of the injected SQL command.

Remediation

Users are advised to update to WeGIA version 3.4.8 or later, where this vulnerability has been patched.
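As an added illustration, not WeGIA's own code (the project is written in PHP and none of its source appears on this page), the following Python snippet contrasts the anti-pattern behind the flaw described above, splicing the request parameter into the SQL text, with the validated and parameterized form that a fix should take. The in-memory table `fichamedica`, its columns and its sample rows are constructed for this example and do not reflect the real schema; the PHP equivalent of the hardened lookup is a PDO prepared statement with a bound parameter.

```python
import sqlite3


def build_db():
    # Constructed stand-in for a medication record table (not WeGIA's schema).
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE fichamedica (id_fichamedica INTEGER PRIMARY KEY, paciente TEXT)"
    )
    conn.executemany(
        "INSERT INTO fichamedica VALUES (?, ?)", [(1, "A"), (2, "B"), (3, "C")]
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, id_fichamedica):
    # The anti-pattern: the raw request parameter becomes part of the SQL text,
    # so any SQL syntax it carries is executed by the database.
    sql = f"SELECT paciente FROM fichamedica WHERE id_fichamedica = {id_fichamedica}"
    return [row[0] for row in conn.execute(sql)]


def parse_id(raw):
    # Allow-list validation: the id must be a plain ASCII decimal integer.
    if not isinstance(raw, str) or not raw.isascii() or not raw.isdigit():
        raise ValueError("id_fichamedica must be a positive integer")
    return int(raw)


def lookup_hardened(conn, raw_id):
    # Validate first, then bind the value as a parameter so it is data, never SQL.
    id_value = parse_id(raw_id)
    rows = conn.execute(
        "SELECT paciente FROM fichamedica WHERE id_fichamedica = ?", (id_value,)
    ).fetchall()
    return [row[0] for row in rows]


def is_bound_as_data(conn, raw):
    # Defence in depth: even without validation, a bound parameter is compared
    # as a literal value, so SQL syntax inside it never changes the statement.
    rows = conn.execute(
        "SELECT paciente FROM fichamedica WHERE id_fichamedica = ?", (raw,)
    ).fetchall()
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = build_db()
    print(lookup_hardened(db, "2"))  # ['B']
    try:
        lookup_hardened(db, "2 AND 1=1")
    except ValueError as exc:
        print("rejected:", exc)
```

Both layers matter: validation rejects anything that is not an integer before a query is built, and parameter binding guarantees that whatever does reach the database is treated as a value rather than as statement text.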

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 6.0
remediation: 7.7
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.