WeGIA SQL Injection Vulnerability in Memorando Dispatch Listing Endpoint

A SQL injection vulnerability has been identified in WeGIA versions 3.4.10 and prior. The issue resides in the 'id_memorando' parameter of the '/WeGIA/html/memorando/listar_despachos.php' endpoint. This vulnerability allows an authorized attacker to execute arbitrary SQL queries, potentially leading to unauthorized access to sensitive information. Exploitation could also cause a denial-of-service condition by using time-based payloads.

Impact

Successful exploitation allows for arbitrary SQL query execution, leading to data exfiltration and database compromise. Additionally, the vulnerability could be exploited to cause a denial-of-service condition by using time-delay SQL queries.

Reproduction

To reproduce this vulnerability, send a GET request to the '/WeGIA/html/memorando/listar_despachos.php' endpoint with a crafted 'id_memorando' parameter that includes a SQL injection payload. The payload can be designed to, for example, use a subquery that includes a 'sleep' function, which would introduce a delay in the response and demonstrate the injection's effectiveness.

Remediation

Users can upgrade to WeGIA version 3.4.11, which includes a patch for this vulnerability.