WeGIA SQL Injection Vulnerability in Employee Registration Endpoint

Vulnerability

A SQL injection vulnerability has been identified in WeGIA versions prior to 3.5.1. The issue is in the 'cpf' parameter of the '/html/funcionario/cadastro_funcionario_pessoa_existente.php' endpoint. It allows attackers to execute arbitrary SQL commands, potentially leading to unauthorized access and manipulation of database information.

Impact

An attacker who exploits this vulnerability can execute arbitrary SQL commands against the database. This could result in unauthorized access to sensitive data, manipulation of database information, and disruption of database availability.

Reproduction

To reproduce this vulnerability, send a request to the '/html/funcionario/cadastro_funcionario_pessoa_existente.php' endpoint with a crafted 'cpf' payload that includes SQL injection elements. For example, a payload could be used to extract database information, such as the database version.

Remediation

Users are advised to update WeGIA to version 3.5.1 or later, where this vulnerability has been patched.
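
Requests to the affected endpoint can be reviewed for 'cpf' values that are not shaped like a CPF (11 digits, optionally written 000.000.000-00). The following is an added example, not code from WeGIA or from this advisory; it assumes the parameter appears in the query string of a combined-format access log, and the sample log lines and the non-endpoint path are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/html/funcionario/cadastro_funcionario_pessoa_existente.php"
# CPF shape only: 11 ASCII digits, optional dots and hyphen. [0-9] rather than \d
# so Unicode digits are rejected; fullmatch() so a trailing newline is rejected.
CPF_SHAPE = re.compile(r"[0-9]{3}\.?[0-9]{3}\.?[0-9]{3}-?[0-9]{2}")
# Request line inside a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def suspicious_cpf_values(log_lines):
    """Return (client_ip, decoded_cpf) for ENDPOINT requests whose cpf is not CPF-shaped."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if url.path != ENDPOINT:
            continue
        # parse_qs percent-decodes values; keep_blank_values so an empty cpf is reported.
        for value in parse_qs(url.query, keep_blank_values=True).get("cpf", []):
            if not CPF_SHAPE.fullmatch(value):
                hits.append((line.split(" ", 1)[0], value))
    return hits


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Oct/2025:22:01:05 +0000] "GET '
    + ENDPOINT + '?cpf=123.456.789-09 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [13/Oct/2025:22:03:41 +0000] "GET '
    + ENDPOINT + '?cpf=12345678909%27%20OR%20%271%27%3D%271 HTTP/1.1" 500 312',
    '192.0.2.10 - - [13/Oct/2025:22:04:12 +0000] "GET '
    '/constructed/other.php?cpf=%27 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for ip, value in suspicious_cpf_values(SAMPLE_LOG):
        print(f"{ip} sent a non-CPF value to {ENDPOINT}: {value!r}")
```

A hit means the value could not have been a CPF; it is a prompt to review that client's other requests, not proof of a successful injection.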

Added: Oct 13, 2025, 10:29 PM
Updated: Oct 13, 2025, 10:29 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 4.2
remediation: 7.7
relevance: 0.7
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.