CVE-2025-30367: SQL Injection endpoint control.php parameter nextPage
CVE Publication: https://www.cve.org/CVERecord?id=CVE-2025-30367
Summary
A SQL Injection vulnerability was identified in the WeGIA application, specifically in the control.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in the database and gain unauthorized access to sensitive information. During the exploit, it was possible to perform a complete dump of the application's database, highlighting the severity of the flaw.
Details
Vulnerable Endpoint: WeGIA/controle/control.php?metodo=listarUm&nomeClasse=SaudeControle&nextPage=<payload>&id=1
Parameter: nextPage
The application does not perform proper validation or sanitization on the id parameter, allowing an attacker to manipulate SQL queries directly. This flaw makes it possible to execute malicious statements in the database. During testing, the extraction of sensitive data through the exploit was confirmed.
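A detection sketch for the endpoint above, added here as an example (it is not part of the original advisory or of the WeGIA code base): it scans web access logs for requests to control.php whose nextPage or id values fall outside an expected format, or that carry a sqlmap user agent. The combined log format, the allowed shape of nextPage, and the sample lines (including the placeholder example.php) are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/WeGIA/controle/control.php"
# Assumption: a legitimate nextPage is a relative .php path with a simple query string.
SAFE_NEXT_PAGE = re.compile(r"[\w./-]+\.php(\?[\w=&.-]*)?", re.ASCII)
SAFE_ID = re.compile(r"\d{1,10}", re.ASCII)
# Assumption: Apache/nginx "combined" access log format.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+" \d{3} \S+ "[^"]*" "([^"]*)"')

def inspect(line):
    """Return the reasons a log line looks like probing of control.php (empty if none)."""
    m = REQUEST.search(line)
    if not m:
        return []
    target, agent = m.groups()
    url = urlsplit(target)
    if url.path != ENDPOINT:
        return []
    params = parse_qs(url.query, keep_blank_values=True)  # values are percent-decoded
    reasons = []
    if any(not SAFE_NEXT_PAGE.fullmatch(v) for v in params.get("nextPage", [])):
        reasons.append("nextPage outside expected format")
    if any(not SAFE_ID.fullmatch(v) for v in params.get("id", [])):
        reasons.append("id is not a plain integer")
    if "sqlmap" in agent.lower():
        reasons.append("sqlmap user agent")
    return reasons

def scan(lines):
    """Return (line_number, reasons) for every suspicious line."""
    hits = [(n, inspect(line)) for n, line in enumerate(lines, 1)]
    return [(n, reasons) for n, reasons in hits if reasons]

# Constructed sample lines; example.php is a placeholder, not a real WeGIA path.
BASE = "/WeGIA/controle/control.php?metodo=listarUm&nomeClasse=SaudeControle"
STAMP = "- - [01/Jan/2025:10:00:00 +0000]"
SAMPLE_LOG = [
    f'198.51.100.4 {STAMP} "GET {BASE}&nextPage=..%2Fhtml%2Fexample.php%3Fid%3D1&id=1 HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    f'203.0.113.9 {STAMP} "GET {BASE}&nextPage=..%2Fhtml%2Fexample.php%27&id=1 HTTP/1.1" 500 0 "-" "sqlmap/1.0 (constructed)"',
    f'203.0.113.9 {STAMP} "GET {BASE}&nextPage=..%2Fhtml%2Fexample.php&id=1%27 HTTP/1.1" 500 0 "-" "Mozilla/5.0"',
    f'198.51.100.4 {STAMP} "GET /WeGIA/index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for number, reasons in scan(SAMPLE_LOG):
        print(f"line {number}: {', '.join(reasons)}")
```

The same allow-list patterns can be enforced server-side before the values reach any query, alongside parameterized statements.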
POC
Payload (sqlmap):
Using sqlmap, an attacker could dump the entire database from WeGIA.
Database: wegia, Table: funcionario_docfuncional
Database: wegia, Table: pessoa
Impact
- Unauthorized access to sensitive data: An attacker can access confidential information such as credentials, personal or financial data.
- Compromise of user accounts: Using stolen credentials, attackers can gain full access to the application and perform actions on behalf of legitimate users.
- Data exfiltration: Possibility of stealing large volumes of information by dumping entire database tables.
- Reputational damage: Exposing customer data or business information can significantly harm the organization's image.
- Execution of chain attacks: Obtained information can be used to carry out new attacks, such as targeted phishing or attacks on interconnected systems.
Reference
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-7j9v-xgmm-h7wr
Reporter
By: CVE-Hunters