CVE-2025-55168

9.8 CRITICAL

📋 TL;DR

This SQL injection vulnerability in WeGIA allows attackers to execute arbitrary SQL commands through the id_fichamedica parameter in the /html/saude/aplicar_medicamento.php endpoint. All WeGIA installations prior to version 3.4.8 are affected, potentially compromising database confidentiality, integrity, and availability.

💻 Affected Systems

Products:
  • WeGIA
Versions: All versions prior to 3.4.8
Operating Systems: Any OS running WeGIA
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all WeGIA deployments regardless of configuration.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise including data theft, data manipulation, and potential remote code execution via database functions.

🟠 Likely Case

Data exfiltration of sensitive information including personal data, medical records, and system credentials.

🟢 If Mitigated

Limited impact with proper input validation and database permissions restricting damage to specific tables.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection is well-understood with many automated tools available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.4.8

Vendor Advisory: https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-6wjm-c879-pjf6

Restart Required: No

Instructions:

1. Backup your WeGIA installation and database.
2. Download WeGIA version 3.4.8 or newer from the official repository.
3. Replace the vulnerable files with patched versions.
4. Verify the fix by testing the affected endpoint.

🔧 Temporary Workarounds

Web Application Firewall (WAF)

Platform: all

Deploy a WAF with SQL injection protection rules to block malicious requests.

Input Validation Filter

Platform: all

Implement server-side input validation to sanitize the id_fichamedica parameter.
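The workaround above can be made concrete as allow-list validation plus a parameterized query, which is stricter than trying to "sanitize" a string. The following is an added example written for this page, not code from WeGIA; it assumes id_fichamedica is a positive integer record id and uses a hypothetical ficha_medica table in an in-memory SQLite database, neither of which is taken from the WeGIA schema.

```python
import sqlite3

MAX_ID_DIGITS = 10  # assumed upper bound for a record id; tune to the real column type


def validate_id_fichamedica(raw):
    """Return the id as an int, or None if the value is not a plain positive integer.

    Rejecting anything that is not ASCII digits means quotes, spaces, SQL
    keywords and comment markers never reach the query layer at all.
    """
    if not isinstance(raw, str):
        return None
    s = raw.strip()
    if not s or len(s) > MAX_ID_DIGITS:
        return None
    # isascii() excludes non-ASCII digit characters that int() would still accept
    if not (s.isascii() and s.isdigit()):
        return None
    value = int(s)
    return value if value > 0 else None


def build_demo_db():
    """Create a constructed in-memory database (hypothetical table, not WeGIA's schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ficha_medica (id INTEGER PRIMARY KEY, paciente TEXT)")
    conn.executemany(
        "INSERT INTO ficha_medica (id, paciente) VALUES (?, ?)",
        [(1, "paciente A"), (42, "paciente B")],
    )
    conn.commit()
    return conn


def lookup_ficha(conn, raw_id):
    """Hardened lookup: validate first, then bind the value as a parameter.

    Raises ValueError for input that fails validation so the caller can return
    an HTTP 400 instead of passing the value on. Returns the row or None.
    """
    fid = validate_id_fichamedica(raw_id)
    if fid is None:
        raise ValueError("invalid id_fichamedica")
    # The placeholder keeps the value out of the SQL text entirely; the driver
    # binds it as data, so it can never change the statement's structure.
    return conn.execute(
        "SELECT id, paciente FROM ficha_medica WHERE id = ?", (fid,)
    ).fetchone()


if __name__ == "__main__":
    db = build_demo_db()
    print(lookup_ficha(db, "42"))          # (42, 'paciente B')
    print(lookup_ficha(db, "999"))         # None
    try:
        lookup_ficha(db, "42 UNION SELECT 1")
    except ValueError as exc:
        print("rejected:", exc)
```

The same validation should sit in front of every query that consumes the parameter, and the database account WeGIA uses should only hold the privileges those queries need, so that a missed code path still cannot reach unrelated tables.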

🧯 If You Can't Patch

  • Restrict access to the /html/saude/aplicar_medicamento.php endpoint using network controls or authentication.
  • Implement database user permissions with least privilege to limit potential damage from SQL injection.

🔍 How to Verify

Check if Vulnerable:

Check if your WeGIA version is below 3.4.8 by examining the version file or admin interface.

Check Version:

Check WeGIA admin panel or version.txt file in installation directory.

Verify Fix Applied:

Test the /html/saude/aplicar_medicamento.php endpoint with SQL injection payloads to confirm they are blocked.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages in application logs
  • Multiple failed requests to the vulnerable endpoint
  • Requests with SQL keywords in id_fichamedica parameter

Network Indicators:

  • HTTP requests containing SQL injection patterns to the vulnerable endpoint

SIEM Query:

source="web_logs" AND uri="/html/saude/aplicar_medicamento.php" AND (query_string="*UNION*" OR query_string="*SELECT*" OR query_string="*INSERT*" OR query_string="*DELETE*")
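The SIEM query above matches raw keywords in the query string; the log-indicator list also points at non-numeric values and failed requests. The following added example (written for this page, not tooling from the WeGIA project) implements those three checks over constructed Apache-style access log lines: it URL-decodes the id_fichamedica value first, so percent-encoded keywords are not missed, flags any value that is not a plain integer (an assumption about the parameter's expected type), and counts server errors on the endpoint. The log lines and addresses are constructed sample data.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

VULN_PATH = "/html/saude/aplicar_medicamento.php"
PARAM = "id_fichamedica"

# Apache/Nginx combined-format access line; only the fields we need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# Keywords from the SIEM query plus common injection punctuation, matched after decoding.
SQL_KEYWORDS = re.compile(
    r"\b(union|select|insert|delete|update|drop|or|and)\b|--|/\*|'", re.IGNORECASE
)

# Constructed sample log (not real WeGIA traffic): one benign request, two
# suspicious ones, and one unrelated request that must not be flagged.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Oct/2025:12:00:01 +0000] "GET /html/saude/aplicar_medicamento.php?id_fichamedica=42 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.11 - - [10/Oct/2025:12:00:02 +0000] "GET /html/saude/aplicar_medicamento.php?id_fichamedica=42%20UNION%20SELECT%201 HTTP/1.1" 500 0 "-" "python-requests/2.31"
203.0.113.12 - - [10/Oct/2025:12:00:03 +0000] "GET /html/saude/aplicar_medicamento.php?id_fichamedica=42%27%20or%201%3D1 HTTP/1.1" 200 9000 "-" "curl/8.0"
203.0.113.13 - - [10/Oct/2025:12:00:04 +0000] "GET /index.php?q=select+a+plan HTTP/1.1" 200 100 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Split one access-log line into ip, timestamp, path, status and decoded query params."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    return {
        "ip": m["ip"],
        "ts": m["ts"],
        "path": parts.path,
        "status": int(m["status"]),
        # parse_qs percent-decodes values, so %20UNION%20 becomes " UNION "
        "params": parse_qs(parts.query, keep_blank_values=True),
    }


def classify(event):
    """Return the list of reasons an event is suspicious (empty if it is not)."""
    if event is None or event["path"] != VULN_PATH:
        return []
    reasons = set()
    for value in event["params"].get(PARAM, []):
        if not (value.isascii() and value.isdigit()):
            reasons.add("non-numeric id_fichamedica")
        if SQL_KEYWORDS.search(value):
            reasons.add("sql keyword in id_fichamedica")
    if event["status"] >= 500:
        reasons.add("server error on vulnerable endpoint")
    return sorted(reasons)


def scan(log_text):
    """Run the checks over a log and return (ip, reasons) for every flagged line."""
    alerts = []
    for line in log_text.splitlines():
        event = parse_line(line)
        reasons = classify(event)
        if reasons:
            alerts.append((event["ip"], reasons))
    return alerts


def failed_requests_by_ip(log_text):
    """Count 4xx/5xx responses from the vulnerable endpoint per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        event = parse_line(line)
        if event and event["path"] == VULN_PATH and event["status"] >= 400:
            counts[event["ip"]] += 1
    return counts


if __name__ == "__main__":
    for ip, reasons in scan(SAMPLE_LOG):
        print(ip, ", ".join(reasons))
    print(dict(failed_requests_by_ip(SAMPLE_LOG)))
```

Decoding before matching is the point of difference from the wildcard SIEM query: a keyword split by percent-encoding or mixed case is still caught, while the unrelated /index.php request containing the word "select" is ignored because the path filter is applied first. If the application accepts the parameter in a POST body rather than the query string, the same checks need to run on the request body, which ordinary access logs do not record.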
