WeGIA SQL Injection Vulnerability in Dependente Documento Endpoint

A SQL injection vulnerability has been identified in WeGIA versions prior to 3.5.1. The issue resides in the '/html/funcionario/dependente_documento.php' endpoint, specifically within the 'id_dependente' parameter. This vulnerability allows attackers to execute arbitrary SQL commands, potentially compromising the database's confidentiality, integrity, and availability.

Impact

Exploitation of this vulnerability allows for arbitrary SQL execution, which could lead to unauthorized data access, data manipulation, and disruption of database operations. Additionally, this vulnerability could be exploited to escalate privileges to remote code execution, depending on the database configuration.

Reproduction

To reproduce this vulnerability, send a POST request to the '/html/funcionario/dependente_documento.php' endpoint with a payload in the 'id_dependente' parameter. The payload can be crafted to include SQL injection techniques, such as union-based injections or time-based blind injections. For example, injecting '1 UNION SELECT version()' could be used to extract the database version, demonstrating the vulnerability.

Remediation

Users are advised to update WeGIA to version 3.5.1 or later, where this vulnerability has been patched.