WeGIA SQL Injection Vulnerability in Control.php Endpoint

A SQL injection vulnerability has been identified in WeGIA, a web management tool for charitable institutions, in versions prior to 3.5.0. The issue occurs in the control.php endpoint, specifically with the 'nomeClasse=ProdutoControle', 'metodo=excluir', and 'id_produto' parameters. The vulnerability allows attackers to execute arbitrary commands in the application's database. The root cause is the lack of prepared statements, proper sanitization, and validation of the 'id_produto' parameter, enabling malicious SQL commands to be injected and executed.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can execute arbitrary SQL commands in the application's database. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, send a request to the control.php endpoint with the 'nomeClasse' parameter set to 'ProdutoControle', the 'metodo' parameter set to 'excluir', and the 'id_produto' parameter containing the injected SQL command. The injected command will be executed in the context of the application's database, demonstrating the SQL injection vulnerability.

Remediation

Users are advised to update WeGIA to version 3.5.0 or later, where this vulnerability has been patched.