
CVE-2025-23218

SQL Injection

CVE-2025-23218: SQL Injection in the adicionar_especie.php endpoint via the especie parameter

CVE Publication: https://www.cve.org/CVERecord?id=CVE-2025-23218

Summary

A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionar_especie.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands against the database and gain unauthorized access to sensitive information. During exploitation, it was possible to perform a complete dump of the application's database, which highlights the severity of the flaw.

Details

Vulnerable Endpoint: POST /dao/pet/adicionar_especie.php

Parameter: especie

The application does not perform proper validation or sanitization on the especie parameter, allowing an attacker to manipulate SQL queries directly. This flaw makes it possible to execute malicious statements in the database. During testing, the extraction of sensitive data through the exploit was confirmed.
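The pattern behind this class of flaw, next to a hardened handler for the especie value, is sketched below as an added example; it is not WeGIA's code or its patch. The table pet_especie, the column descricao and both function names are hypothetical, and in-memory SQLite (requires the pdo_sqlite extension) stands in for MySQL so the script runs offline.

```php
<?php
declare(strict_types=1);
// Added example. Table `pet_especie`, column `descricao` and the function
// names are hypothetical; they are not taken from the WeGIA source.

// Pattern behind this class of bug: the POST value becomes part of the SQL text.
function addEspecieUnsafe(PDO $pdo, string $especie): void
{
    $pdo->exec("INSERT INTO pet_especie (descricao) VALUES ('" . $especie . "')");
}

// Hardened form: allow-list validation, then bind the value as data.
function addEspecieSafe(PDO $pdo, mixed $especie): int
{
    // Reject arrays (especie[]=...) and anything outside letters, spaces, hyphens.
    if (!is_string($especie) || !preg_match('/^\p{L}[\p{L} \-]{0,59}$/u', trim($especie))) {
        throw new InvalidArgumentException('invalid especie');
    }
    $stmt = $pdo->prepare('INSERT INTO pet_especie (descricao) VALUES (:especie)');
    $stmt->bindValue(':especie', trim($especie), PDO::PARAM_STR);
    $stmt->execute();
    return (int) $pdo->lastInsertId();
}

// In-memory SQLite keeps the demo offline; with MySQL use a mysql: DSN and
// set PDO::ATTR_EMULATE_PREPARES => false so statements are prepared server-side.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE pet_especie (id INTEGER PRIMARY KEY, descricao TEXT NOT NULL)');

// Constructed inputs standing in for $_POST['especie'].
foreach (['Cão', "Gato' OR '1'='1", ['array']] as $input) {
    try {
        $id = addEspecieSafe($pdo, $input);
        echo "201 created id=$id\n";
    } catch (InvalidArgumentException $e) {
        echo "400 invalid especie\n";      // generic message, no SQL detail
    } catch (PDOException $e) {
        error_log($e->getMessage());        // log server-side only
        echo "500 internal error\n";
    }
}
```

The bound parameter is what removes the injection; the allow-list is a second layer that also rejects array-typed input before it reaches the database driver.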

POC

Payload (sqlmap):

  sqlmap -u "http://localhost/dao/pet/adicionar_especie.php" --data="especie=especie" --dbms=mysql --cookie="PHPSESSID=thaicee00su2lhvlceu9r9v66v" --dump

It was possible to identify the database wegia.

It was possible to fully dump the pessoa table.

Impact

  • Unauthorized access to sensitive data: An attacker can access confidential information such as credentials, personal or financial data.
  • Compromise of user accounts: Using stolen credentials, attackers can gain full access to the application and perform actions on behalf of legitimate users.
  • Data exfiltration: Possibility of stealing large volumes of information by dumping entire database tables.
  • Reputational damage: Exposing customer data or business information can significantly harm the organization's image.
  • Execution of chained attacks: Obtained information can be used to carry out new attacks, such as targeted phishing or attacks on interconnected systems.

Reference

https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-xhv4-88gx-hvgh

Finder

Elisangela Mendonça

Contributors

Diego Castro

Natan Maia Morette

Rafael Corvino

By: CVE-Hunters
