WeGIA SQL Injection Vulnerability in Tag Deletion Script

Vulnerability

A SQL injection vulnerability has been identified in WeGIA versions prior to 3.6.7. The issue arises in the file 'html/socio/sistema/deletar_tag.php', where user input is extracted and directly concatenated into SQL queries without proper sanitization or the use of prepared statements. This flaw allows authenticated attackers to manipulate SQL queries, potentially leading to unauthorized data access or modification.

Impact

Exploitation of this vulnerability allows authenticated attackers to read, modify, or delete all database contents, including sensitive personal information.

Reproduction

To reproduce this vulnerability, authenticate with a valid user account and send a GET request to 'html/socio/sistema/deletar_tag.php' with the 'id_tag' parameter. Include a payload that exploits the SQL injection, such as one that extracts database version information. The injected SQL will be executed, and the database version will be leaked in the response.

Remediation

Users are advised to update to WeGIA version 3.6.7 or later. In version 3.6.7, the vulnerability has been patched by replacing the vulnerable code with a version that uses prepared statements to safely handle user input.
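The fix described above, as an added example that is not WeGIA's own code: a query that concatenates the request parameter, of the kind the advisory describes, beside the prepared-statement form that version 3.6.7 adopts. The table name socio_tag, the integer type of id_tag, and the PDO handle are assumptions; the project's real schema and query are not on this page.

```php
<?php
// Added example, not code from WeGIA. Assumes a PDO connection and a
// hypothetical table `socio_tag` with an integer primary key `id_tag`.

// WEAK PATTERN: the request value is spliced into the SQL text, so whatever the
// caller sends is parsed as part of the statement rather than as a value.
function deleteTagUnsafe(PDO $pdo, array $request): int
{
    $idTag = $request['id_tag'] ?? '';                        // untrusted input
    $sql = "DELETE FROM socio_tag WHERE id_tag = " . $idTag;  // concatenation
    return $pdo->exec($sql);
}

// HARDENED PATTERN: validate the shape of the input first, then bind it as a
// parameter of a prepared statement so it can only ever be treated as a value.
function deleteTagSafe(PDO $pdo, array $request): int
{
    // Reject anything that is not a positive integer before touching the DB.
    $idTag = filter_var($request['id_tag'] ?? null, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    if ($idTag === false) {
        throw new InvalidArgumentException('id_tag must be a positive integer');
    }

    $stmt = $pdo->prepare('DELETE FROM socio_tag WHERE id_tag = :id_tag');
    $stmt->bindValue(':id_tag', $idTag, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();                                 // rows deleted
}

// Wiring (placeholder credentials). Emulated prepares are disabled so the
// parameter is bound by the database server rather than interpolated client-side.
$dsn  = 'mysql:host=localhost;dbname=PLACEHOLDER_DB;charset=utf8mb4';
$pdo  = new PDO($dsn, 'PLACEHOLDER_USER', 'PLACEHOLDER_PASS', [
    PDO::ATTR_EMULATE_PREPARES => false,
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
]);
// The advisory describes the parameter arriving in a GET request.
echo deleteTagSafe($pdo, $_GET), " row(s) deleted\n";
```

A reviewer can check the fix by confirming that the only SQL text in the script is a constant string and that every request value reaches the database through bindValue() or an execute() parameter array.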

Added: Mar 27, 2026, 11:23 PM
Updated: Mar 27, 2026, 11:23 PM

Vulnerability Rating

Custom Algorithm

  category        score
  spread          0.0
  impact          3.1
  exploitability  4.6
  remediation     7.7
  relevance       4.8
  threat          6.4
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.