
CVE-2025-53091

SQL Injection

CVE-2025-53091: Unauthenticated Time-Based SQL Injection Vulnerability in almox Parameter

CVE Publication: https://www.cve.org/CVERecord?id=CVE-2025-53091

Summary

A Time-Based Blind SQL Injection vulnerability was discovered in the almox parameter of the /controle/getProdutosPorAlmox.php endpoint. This issue allows any unauthenticated attacker to inject arbitrary SQL queries, potentially leading to unauthorized data access or further exploitation depending on database configuration.

Details

The application fails to properly sanitize user-supplied input in the almox parameter. As a result, specially crafted SQL payloads are interpreted directly by the backend database. This specific vulnerability is blind in nature and was confirmed using time-based inference (SLEEP() function).

The vulnerable request does not require any form of authentication (no cookies, tokens, or headers required), making it especially critical.
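One way to close this class of flaw is allow-list validation combined with a bound parameter. The sketch below is an added example, not WeGIA's code or its actual patch. It assumes almox is a numeric warehouse identifier; the function name, the table and column names, and the in-memory SQLite database are hypothetical stand-ins so the example runs offline.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: the table and column names are assumptions,
// not WeGIA's real schema.
function getProdutosPorAlmox(PDO $pdo, mixed $almoxRaw): array
{
    // Allow-list validation: accept only a positive integer id.
    // Arrays (almox[]=...) and strings carrying SQL syntax both fail here.
    $almox = filter_var($almoxRaw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($almox === false) {
        throw new InvalidArgumentException('almox must be a positive integer');
    }

    // Bound parameter: the value travels as data and is never parsed as SQL,
    // unlike a query built by concatenating the request value into the string.
    $stmt = $pdo->prepare(
        'SELECT id_produto, descricao FROM produto WHERE id_almoxarifado = :almox'
    );
    $stmt->bindValue(':almox', $almox, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE produto (id_produto INTEGER PRIMARY KEY, descricao TEXT, id_almoxarifado INTEGER)');
$pdo->exec("INSERT INTO produto (descricao, id_almoxarifado) VALUES ('Arroz', 1), ('Feijao', 1), ('Sabao', 2)");

// Constructed inputs: a valid id, and a value that carries SQL syntax.
foreach (['1', '1 OR 1=1'] as $input) {
    try {
        $rows = getProdutosPorAlmox($pdo, $input);
        echo json_encode(['almox' => $input, 'rows' => count($rows)]), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        // In a real endpoint this would map to an HTTP 400 response.
        echo json_encode(['almox' => $input, 'error' => $e->getMessage()]), PHP_EOL;
    }
}
```

Because the endpoint is reachable without a session, the same handler would also need an authentication check before the query runs; that check is omitted here because the page does not describe the application's session handling.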

PoC

Below are two working proof-of-concept HTTP requests that demonstrate the vulnerability. The difference in response time clearly confirms the execution of the SLEEP() function in the backend:

Impact

  • Unauthorized access to sensitive data (e.g., users, passwords, logs).
  • Database enumeration (schemas, tables, users, versions).
  • Escalation to RCE depending on DB configuration (e.g., xp_cmdshell, UDFs).
  • Full compromise of the application if chained with other vulnerabilities.
  • This issue affects all users and environments, as it does not require authentication and is reachable via a public endpoint.

Reference

https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-pmf9-2rc3-vvxx#advisory-comment-130861

Finder

Natan Maia Morette

Contributor

Marcelo Queiroz

By: CVE-Hunters
