CVE-2025-55167
📋 TL;DR
CVE-2025-55167 is a critical SQL injection vulnerability in WeGIA web management software that allows attackers to execute arbitrary SQL commands through the id_dependente parameter in the /html/funcionario/dependente_remover.php endpoint. This can lead to complete database compromise including data theft, modification, or deletion. Organizations using WeGIA versions before 3.4.8 are affected.
💻 Affected Systems
- WeGIA
📦 What is this software?
WeGIA by WeGIA
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise leading to data exfiltration, data destruction, privilege escalation, and potential remote code execution on the database server.
Likely Case
Unauthorized access to sensitive data including personal information, financial records, and organizational data stored in the database.
If Mitigated
Limited impact with proper input validation and database permissions, potentially only affecting non-critical data.
🎯 Exploit Status
SQL injection vulnerabilities are typically easy to exploit with readily available tools. The advisory suggests authentication may be required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.4.8
Vendor Advisory: https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-4fqm-ww3v-6mwv
Restart Required: No
Instructions:
1. Backup your current WeGIA installation and database.
2. Download WeGIA version 3.4.8 from the official repository.
3. Replace the vulnerable file /html/funcionario/dependente_remover.php with the patched version.
4. Verify the fix by checking that the commit hash matches cb7f5e2b98ef6087b80659627f368612e3c535f3.
🔧 Temporary Workarounds
Input Validation Filter
- Add server-side validation to ensure the id_dependente parameter contains only numeric values
- Modify /html/funcionario/dependente_remover.php to validate input before processing
WAF Rule
- Implement web application firewall rules to block SQL injection patterns
- Add a WAF rule to detect and block SQL injection attempts on the vulnerable endpoint
🧯 If You Can't Patch
- Implement strict input validation at the application layer to only accept numeric values for id_dependente parameter
- Restrict database user permissions to minimum required privileges and implement network segmentation
🔍 How to Verify
Check if Vulnerable:
Check if your WeGIA version is below 3.4.8 and examine the /html/funcionario/dependente_remover.php file for proper input sanitization
Check Version:
Check WeGIA version in the application interface or examine version files in the installation directory
Verify Fix Applied:
Verify the file hash of /html/funcionario/dependente_remover.php matches the patched version from commit cb7f5e2b98ef6087b80659627f368612e3c535f3
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in database logs
- Multiple failed parameter validation attempts
- Requests to /html/funcionario/dependente_remover.php with non-numeric parameters
Network Indicators:
- SQL keywords in HTTP POST/GET parameters
- Unusual database connection patterns from web server
SIEM Query:
source="web_logs" AND uri="/html/funcionario/dependente_remover.php" AND (param="id_dependente" AND value MATCH "[^0-9]+")
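The two checks this advisory recommends, the strict numeric allow-list for id_dependente (Temporary Workarounds / If You Can't Patch) and the SIEM query above, are shown below as one runnable script. This is an added example, not code from WeGIA or from the advisory. It assumes Common/Combined Log Format access logs; the log lines and the second path (/html/funcionario/outro.php) are constructed for the example and are not real traffic or a real WeGIA file.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint and parameter named in the advisory.
VULN_PATH = "/html/funcionario/dependente_remover.php"
PARAM = "id_dependente"

# Allow-list rule: one or more ASCII digits and nothing else.
# [0-9] is used deliberately instead of \d, because \d in Python also
# matches non-ASCII digit characters, which a numeric id should not accept.
NUMERIC_ID = re.compile(r"[0-9]+")

# Common/Combined Log Format request line; enough to recover path and query.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def is_valid_dependente_id(value):
    """The workaround's validation rule: True only for a strictly numeric id."""
    return NUMERIC_ID.fullmatch(value) is not None


def suspicious_values(target):
    """Return every id_dependente value in a request target that fails the rule.

    parse_qs percent-decodes for us, so '42%27' is judged as "42'".
    Requests to other paths are ignored, matching the uri= clause of the SIEM query.
    """
    parts = urlsplit(target)
    if parts.path != VULN_PATH:
        return []
    query = parse_qs(parts.query, keep_blank_values=True)
    return [v for v in query.get(PARAM, []) if not is_valid_dependente_id(v)]


def scan_log(lines):
    """Apply the SIEM query's logic to access-log lines; one finding per bad value."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # unparsable line: skip it rather than abort the scan
        for bad in suspicious_values(m["target"]):
            findings.append({
                "ip": m["ip"], "ts": m["ts"], "method": m["method"],
                "value": bad, "status": m["status"],
            })
    return findings


# Constructed sample log (not real traffic). Only GET query strings are visible
# in an access log; a POST body is not, so POST abuse of this endpoint has to be
# caught by the WAF or by application-level logging instead.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Sep/2025:14:02:11 +0000] "GET /html/funcionario/dependente_remover.php?id_dependente=42 HTTP/1.1" 302 0',
    '203.0.113.7 - - [10/Sep/2025:14:02:15 +0000] "GET /html/funcionario/dependente_remover.php?id_dependente=42%27 HTTP/1.1" 500 812',
    '203.0.113.7 - - [10/Sep/2025:14:02:19 +0000] "GET /html/funcionario/dependente_remover.php?id_dependente=abc HTTP/1.1" 500 812',
    '203.0.113.9 - - [10/Sep/2025:14:03:02 +0000] "GET /html/funcionario/dependente_remover.php?id_dependente= HTTP/1.1" 200 120',
    '203.0.113.9 - - [10/Sep/2025:14:03:30 +0000] "GET /html/funcionario/outro.php?id_dependente=abc HTTP/1.1" 200 4021',
    '198.51.100.2 - - [10/Sep/2025:14:04:00 +0000] "POST /html/funcionario/dependente_remover.php HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} {f['method']} {PARAM}={f['value']!r} status={f['status']}")
```

Two points worth noting when porting this. First, the allow-list is stricter than the SIEM query's deny pattern: `[^0-9]+` does not match an empty value, while the allow-list rejects it, so the fourth sample line is flagged here but would be missed by the query as written. Second, the same rule belongs in the PHP endpoint itself (for example `ctype_digit()` on the raw parameter before it reaches any query, together with a prepared statement), since detection in logs only tells you after the fact.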