CVE-2025-53529: SQL Injection Vulnerability in id_funcionario Parameter on profile_funcionario.php Endpoint
CVE Publication: https://www.cve.org/CVERecord?id=CVE-2025-53529
Summary
A SQL Injection vulnerability was discovered in the id_funcionario parameter of the html/funcionario/profile_funcionario.php endpoint. This issue allows any unauthenticated attacker to inject arbitrary SQL queries, potentially leading to unauthorized data access or further exploitation depending on database configuration.
Details
The application fails to properly sanitize user-supplied input in the id_funcionario parameter before using it in a database query. As a result, specially crafted SQL payloads are concatenated into the query string and executed directly by the backend database, and the resulting database error (an uncaught PDOException) is returned to the client.
PoC
Vulnerable Endpoint: html/funcionario/profile_funcionario.php
Parameter: id_funcionario
- Navigate to: https://demo.wegia.org/html/funcionario/profile_funcionario.php?id_funcionario=1
- Append a SQL payload to the value of the id_funcionario parameter (the original report illustrates this with a screenshot that is not reproduced here).

Observe the message Fatal error: Uncaught PDOException: SQLSTATE[HY000]: Cardinality violation: 1222 The used SELECT statements have a different number of columns. MySQL raises error 1222 when the SELECT statements on either side of a UNION return different numbers of columns, so the server parsed and executed the injected UNION: the parameter reaches the query unescaped, confirming SQL Injection. The uncaught exception also shows that database errors are displayed to the client, which makes error-based enumeration straightforward.
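The following is an added example, not WeGIA's code or the reporter's PoC. It reconstructs the bug class described in Details and the UNION probe behind the error quoted in the PoC: a profile lookup that concatenates the raw id_funcionario value into the query, beside a hardened version that validates the value and binds it as a parameter. The table names, rows and attacker input are constructed, and an in-memory SQLite database stands in for the MySQL backend so the script runs offline; SQLite reports the mismatched-column UNION with its own wording rather than MySQL error 1222, but the behaviour is the same.

```php
<?php
// Added example (not WeGIA's code). Constructed schema and data in an in-memory
// SQLite database so the script runs offline; the real application uses MySQL.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE funcionario (id_funcionario INTEGER PRIMARY KEY, nome TEXT, cargo TEXT)');
$pdo->exec("INSERT INTO funcionario VALUES (1, 'Alice', 'Gerente'), (2, 'Bob', 'Analista')");
$pdo->exec('CREATE TABLE usuario (id INTEGER PRIMARY KEY, login TEXT, senha TEXT)');
$pdo->exec("INSERT INTO usuario VALUES (1, 'admin', 'hash-placeholder')");

// Vulnerable pattern (hypothetical reconstruction of the bug class, not the
// project's actual code): the raw request value is concatenated into the SQL
// string, so whatever the attacker sends is parsed as SQL rather than as data.
function profileVulnerable(PDO $pdo, string $idFuncionario): array
{
    $sql = "SELECT id_funcionario, nome, cargo FROM funcionario WHERE id_funcionario = " . $idFuncionario;
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened version: reject anything that is not a plain integer, then bind the
// value as a typed parameter so it can never alter the structure of the query.
function profileSafe(PDO $pdo, string $idFuncionario): array
{
    if (!ctype_digit($idFuncionario)) {
        throw new InvalidArgumentException('id_funcionario must be a positive integer');
    }
    $stmt = $pdo->prepare('SELECT id_funcionario, nome, cargo FROM funcionario WHERE id_funcionario = :id');
    $stmt->bindValue(':id', (int) $idFuncionario, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$benign  = '1';                                            // what the page expects
$payload = '1 UNION SELECT id, login, senha FROM usuario'; // constructed attacker input

print_r(profileVulnerable($pdo, $benign));   // one employee row
print_r(profileVulnerable($pdo, $payload));  // employee row plus the admin credential row

// A UNION whose column count does not match is what produces MySQL error 1222
// in the real application; SQLite raises the equivalent error here. Either way,
// the exception proves the injected text was executed as SQL.
try {
    profileVulnerable($pdo, '1 UNION SELECT 1');
} catch (PDOException $e) {
    echo 'vulnerable: ' . $e->getMessage() . PHP_EOL;
}

// The hardened lookup never lets the payload reach the database.
try {
    profileSafe($pdo, $payload);
} catch (InvalidArgumentException $e) {
    echo 'safe: ' . $e->getMessage() . PHP_EOL;
}
print_r(profileSafe($pdo, $benign));        // same single employee row as before
```

Binding the parameter is the fix; the ctype_digit check is defence in depth and gives a clean 400-style rejection instead of a database round trip. Separately, a production deployment should catch PDOException at the page level and log it rather than letting PHP print the fatal error, since the verbose message seen in the PoC is what makes error-based enumeration easy.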
Impact
- Unauthorized access to sensitive data (e.g., users, passwords, logs).
- Database enumeration (schemas, tables, users, versions).
- Escalation to code execution depending on database privileges and configuration (e.g., loading a user-defined function or writing files via the FILE privilege; the backend is MySQL, as error 1222 indicates, so MSSQL-specific mechanisms such as xp_cmdshell do not apply).
- Full compromise of the application if chained with other vulnerabilities.
- This issue affects all users and environments, as it does not require authentication and is reachable via a public endpoint.
Reference
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-rrj6-pj6w-8j2r
Finder
CVE-Hunters