CVE-2024-53471

6.1 MEDIUM

📋 TL;DR

This vulnerability allows attackers to inject malicious scripts into the payment method configuration page of WeGIA v3.2.0. When users view the compromised page, the scripts execute in their browsers, potentially stealing credentials or performing unauthorized actions. All WeGIA v3.2.0 installations using the vulnerable component are affected.

💻 Affected Systems

Products:
  • WeGIA
Versions: 3.2.0
Operating Systems: Any OS running WeGIA
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects installations with the /configuracao/meio_pagamento.php component accessible.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal administrator credentials, hijack user sessions, deface the website, or redirect users to malicious sites, potentially leading to complete system compromise.

🟠 Likely Case

Attackers inject malicious scripts that steal session cookies or credentials when administrators view the payment configuration page, leading to unauthorized access.

🟢 If Mitigated

With proper input validation and output encoding, the scripts would be rendered harmless as text rather than executable code.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to the payment configuration interface, typically requiring authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None known

Restart Required: No

Instructions:

1. Check for official patch from WeGIA developers
2. If available, download and apply patch
3. Verify fix by testing payload injection

🔧 Temporary Workarounds

Input Validation and Output Encoding

all

Implement proper input validation and output encoding in the affected PHP file

Edit /configuracao/meio_pagamento.php so that the id and name parameters are validated on input and encoded with htmlspecialchars() (or a similar function) before they are written into the page

Access Restriction

all

Restrict access to the vulnerable component

Add authentication/authorization checks to /configuracao/meio_pagamento.php
Implement IP whitelisting for administrative interfaces

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block XSS payloads
  • Disable or remove the vulnerable component if not required

🔍 How to Verify

Check if Vulnerable:

Test whether script tags can be injected into the id or name parameters of /configuracao/meio_pagamento.php and whether they persist when the page is reloaded

Check Version:

Check WeGIA version in configuration files or admin interface

Verify Fix Applied:

Attempt to inject test payloads like <script>alert('XSS')</script> and verify they are properly sanitized or blocked

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /configuracao/meio_pagamento.php with script tags in parameters
  • Multiple failed login attempts followed by configuration changes

Network Indicators:

  • HTTP requests containing script tags or JavaScript in URL parameters
  • Unusual outbound connections from the WeGIA server

SIEM Query:

source="web_server" AND (uri="/configuracao/meio_pagamento.php" AND (param="id" OR param="name") AND value MATCHES "<script>")
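
A literal match on "<script>" misses percent-encoded, double-encoded and mixed-case values. The following is an added example (not part of the original advisory or of WeGIA) that decodes the id and name parameters before matching; it assumes Combined Log Format access logs with the parameters in the query string, and the function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

TARGET_PATH = "/configuracao/meio_pagamento.php"  # path named in the advisory
WATCHED_PARAMS = {"id", "name"}                   # parameters named in the advisory
# Script-like markup that should never appear in an id or name value.
SUSPICIOUS = re.compile(r"<\s*/?\s*script\b|javascript\s*:|\bon[a-z]+\s*=", re.I)
# Request field of a Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines (not real traffic); addresses are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.7 - admin [12/Dec/2024:10:01:02 +0000] "GET /configuracao/meio_pagamento.php?id=4&name=Boleto HTTP/1.1" 200 5120',
    '203.0.113.7 - admin [12/Dec/2024:10:02:10 +0000] "GET /configuracao/meio_pagamento.php?id=4&name=%3Cscript%3Ealert(%27XSS%27)%3C/script%3E HTTP/1.1" 200 5177',
    '198.51.100.9 - user2 [12/Dec/2024:10:05:44 +0000] "POST /configuracao/meio_pagamento.php?id=%253CScRiPt%253E1&name=PIX HTTP/1.1" 200 5130',
    '198.51.100.9 - user2 [12/Dec/2024:10:06:01 +0000] "GET /index.php?name=%3Cscript%3E HTTP/1.1" 200 900',
]

def decode_fully(value, max_rounds=3):
    """Undo nested percent-encoding (%253C -> %3C -> <) in a bounded loop."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return the watched parameters whose decoded value contains script-like markup."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    parts = urlsplit(m.group("target"))
    if parts.path != TARGET_PATH:
        return []  # only the affected component is in scope
    query = parse_qs(parts.query, keep_blank_values=True)  # decodes one layer
    return [name for name, values in query.items()
            if name.lower() in WATCHED_PARAMS
            and any(SUSPICIOUS.search(decode_fully(v)) for v in values)]

def scan(lines):
    """Return (line_number, [param, ...]) for every line with at least one hit."""
    hits = ((n, suspicious_params(line)) for n, line in enumerate(lines, 1))
    return [(n, params) for n, params in hits if params]

if __name__ == "__main__":
    for n, params in scan(SAMPLE_LOG):
        print(f"line {n}: script-like value in {', '.join(params)}")
```

Values sent in a POST body do not appear in a default access log, so covering those requests needs body logging at the application or WAF layer.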
