CVE-2024-57035

9.8 CRITICAL

📋 TL;DR

CVE-2024-57035 is a critical SQL injection vulnerability in WeGIA v3.2.0 that allows attackers to execute arbitrary SQL commands via the nextPage parameter in /controle/control.php. This affects all organizations using WeGIA v3.2.0, potentially leading to complete database compromise.

💻 Affected Systems

Products:
  • WeGIA
Versions: v3.2.0
Operating Systems: All platforms running WeGIA
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default installation of WeGIA v3.2.0. No special configuration is required for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database takeover, data exfiltration, privilege escalation, and potential remote code execution through database functions.

🟠 Likely Case

Unauthorized data access, data manipulation, and potential authentication bypass leading to administrative access.

🟢 If Mitigated

Limited impact with proper input validation and parameterized queries in place.

🌐 Internet-Facing: HIGH - The vulnerable endpoint is accessible via web interface, making it directly exploitable from the internet.
🏢 Internal Only: HIGH - Even internal systems are vulnerable to authenticated or unauthenticated attacks depending on configuration.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is easily exploitable with simple SQL injection techniques. Public proof-of-concept exists in GitHub repositories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No official vendor advisory found

Restart Required: No

Instructions:

1. Monitor the WeGIA GitHub repository for an official patch.
2. Apply the patch when available.
3. Test in a development environment before production deployment.

🔧 Temporary Workarounds

Input Validation and Sanitization

Applies to: all

Implement strict input validation and parameterized queries for the nextPage parameter.

Modify /controle/control.php to use prepared statements with parameterized queries.

Web Application Firewall (WAF)

Applies to: all

Deploy a WAF with SQL injection protection rules to block exploitation attempts.

Configure the WAF to block SQL injection patterns in the nextPage parameter.

🧯 If You Can't Patch

  • Isolate WeGIA instance behind strict network segmentation and firewall rules
  • Implement rate limiting and monitoring for suspicious SQL patterns in access logs

🔍 How to Verify

Check if Vulnerable:

Test the /controle/control.php endpoint with SQL injection payloads in the nextPage parameter (e.g., nextPage=1' OR '1'='1).

Check Version:

Check WeGIA version in configuration files or admin interface

Verify Fix Applied:

Verify that SQL injection payloads no longer execute and return proper error handling or sanitized responses.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in application logs
  • Multiple failed login attempts followed by SQL injection patterns
  • Database error messages containing SQL syntax

Network Indicators:

  • HTTP requests to /controle/control.php with SQL keywords in parameters
  • Unusual database connection patterns from web server

SIEM Query:

source="web_logs" AND uri="/controle/control.php" AND (param="nextPage" AND value MATCHES "(?i)(union|select|insert|update|delete|drop|--|#|;|')")
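The SIEM query above is a pseudo-query; as an added example (not part of this advisory or of WeGIA), the following script applies the same keyword pattern to web server access logs, restricted to the nextPage parameter of /controle/control.php, and handles URL-encoded and double-encoded values that a raw string match on the request line would miss. The combined-format log layout and the sample lines are constructed for the demonstration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Keyword pattern taken from the advisory's SIEM query, applied only to the decoded nextPage value.
SQLI_PATTERN = re.compile(r"(?i)(union|select|insert|update|delete|drop|--|#|;|')")

# Constructed combined-format access log line: client IP, timestamp, request line, status.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def next_page_value(target):
    """Return the decoded nextPage value for a /controle/control.php request, or None otherwise."""
    parts = urlsplit(target)
    if parts.path != "/controle/control.php":
        return None
    values = parse_qs(parts.query, keep_blank_values=True).get("nextPage")
    if not values:
        return None
    # parse_qs decodes once; decode again so double-encoded payloads (%2527) are not missed.
    return unquote_plus(values[0])

def scan_access_log(lines):
    """Return (ip, timestamp, decoded nextPage) for every request matching the SIEM pattern."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        value = next_page_value(m.group("target"))
        if value is not None and SQLI_PATTERN.search(value):
            hits.append((m.group("ip"), m.group("ts"), value))
    return hits

def hits_by_source(hits):
    """Count flagged requests per client IP, the input for a rate-limit or alerting threshold."""
    counts = {}
    for ip, _, _ in hits:
        counts[ip] = counts.get(ip, 0) + 1
    return counts

# Constructed sample: benign paging, a plain payload, a double-encoded payload, and a non-target URI.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2025:10:00:00 +0000] "GET /controle/control.php?nextPage=2 HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2025:10:00:01 +0000] "GET /controle/control.php?nextPage=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 8192',
    '10.0.0.9 - - [01/Jan/2025:10:00:02 +0000] "GET /controle/control.php?nextPage=1%2527 HTTP/1.1" 500 120',
    '10.0.0.7 - - [01/Jan/2025:10:00:03 +0000] "GET /index.php?nextPage=1%27 HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for ip, ts, value in scan_access_log(SAMPLE_LOG):
        print(f"{ts} {ip} nextPage={value!r}")
```

Only the two requests from 10.0.0.9 are flagged; the benign page number and the request to a different path are ignored, which keeps the alert volume down compared with matching SQL keywords anywhere in the request line.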
