CVE-2025-53946

8.8 HIGH

📋 TL;DR

A SQL injection vulnerability in WeGIA versions before 3.4.5 allows attackers to manipulate database queries through the id_funcionario parameter in the /html/saude/profile_paciente.php endpoint. This enables unauthorized access to sensitive database information including table structures and confidential data. Organizations using WeGIA versions prior to 3.4.5 are affected.

💻 Affected Systems

Products:
  • WeGIA
Versions: All versions prior to 3.4.5
Operating Systems: All platforms running WeGIA
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default installation of affected versions. No special configuration is required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise leading to theft of all sensitive data, including personal information, financial records, and system credentials, potentially enabling further system takeover.

🟠 Likely Case

Extraction of sensitive database information such as user credentials, personal data, and organizational records, leading to data breaches and privacy violations.

🟢 If Mitigated

Limited or no data exposure due to proper input validation, parameterized queries, and database permission restrictions.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

SQL injection vulnerabilities are commonly exploited with readily available tools. While no public PoC is confirmed, exploitation is straightforward for attackers with basic SQL injection knowledge.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.4.5

Vendor Advisory: https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-532r-mgxv-g7jm

Restart Required: No

Instructions:

1. Backup your current WeGIA installation and database.
2. Download WeGIA version 3.4.5 from the official repository.
3. Replace the vulnerable files with the patched version.
4. Verify the fix by testing the affected endpoint.

🔧 Temporary Workarounds

Input Validation Filter (applies to: all)

Implement server-side validation to ensure the id_funcionario parameter contains only numeric values: add input validation in profile_paciente.php that restricts id_funcionario to integers only.

Web Application Firewall Rule (applies to: all)

Block SQL injection patterns targeting the vulnerable endpoint: configure the WAF to block requests containing SQL keywords in the id_funcionario parameter.

🧯 If You Can't Patch

  • Implement network segmentation to restrict access to the WeGIA application
  • Deploy a web application firewall with SQL injection detection rules

🔍 How to Verify

Check if Vulnerable:

Check if your WeGIA version is below 3.4.5 by examining the version file or checking the admin interface

Check Version:

Check the version.txt file or login to WeGIA admin panel to view version information

Verify Fix Applied:

Test the /html/saude/profile_paciente.php endpoint with SQL injection payloads in the id_funcionario parameter to confirm they are rejected

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages in application logs
  • Multiple failed login attempts or parameter manipulation in access logs
  • Requests to profile_paciente.php with non-numeric id_funcionario values

Network Indicators:

  • HTTP requests containing SQL keywords (SELECT, UNION, etc.) in the id_funcionario parameter
  • Unusual database query patterns from the application server

SIEM Query:

source="wegia_logs" AND url="/html/saude/profile_paciente.php" AND param="id_funcionario" AND (value="*SELECT*" OR value="*UNION*" OR value="*OR*")

The keyword alternatives must be grouped in their own parentheses; without them, AND binds tighter than OR and the UNION and OR clauses match on every URL. Note that value="*OR*" matches any value containing the letters "or", so expect noise and tune it to whole-word matching where the SIEM supports it.
