WeGIA SQL Injection Vulnerability in exibe_anexo.php Endpoint

A SQL injection vulnerability has been identified in WeGIA versions 3.4.10 and prior. The issue resides in the '/WeGIA/html/memorando/exibe_anexo.php' endpoint, specifically within the 'id_anexo' parameter. This vulnerability allows an authorized attacker to execute arbitrary SQL queries, potentially leading to unauthorized access to sensitive information. Exploitation of this vulnerability could also cause a denial-of-service condition by using time-based SQL injection techniques.

Impact

Successful exploitation allows for arbitrary SQL query execution, which could lead to unauthorized data access, database compromise, and potential denial-of-service conditions through time-delay queries.

Reproduction

To reproduce this vulnerability, send a GET request to the '/WeGIA/html/memorando/exibe_anexo.php' endpoint with a crafted 'id_anexo' parameter that includes a SQL injection payload. The payload can be designed to exploit the application's SQL query handling, such as by using time-based injection techniques that delay the response, indicating successful exploitation.

Remediation

Users can upgrade to WeGIA version 3.4.11, which includes a patch for this vulnerability.