CVE-2025-55167
BaseFortify
Publication date: 2025-08-12
Last updated on: 2025-08-18
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wegia | wegia | to 3.4.8 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-55167 is a critical SQL Injection vulnerability in the WeGIA web manager software, specifically in the /html/funcionario/dependente_remover.php endpoint. The vulnerability occurs because the id_dependente parameter is not properly validated or sanitized, allowing attackers to inject arbitrary SQL commands. This means an attacker can manipulate the database queries executed by the application, potentially accessing, modifying, or deleting sensitive data without authorization. The vulnerability can be exploited remotely without authentication or user interaction. [1]
How can this vulnerability impact me? :
This vulnerability can have severe impacts including unauthorized access to sensitive data such as user credentials and logs, enumeration of database schemas, tables, users, and versions, and potentially remote code execution depending on the database configuration. It can lead to full compromise of the application if combined with other vulnerabilities. The confidentiality, integrity, and availability of the database are all at high risk, making it possible for attackers to steal, alter, or destroy data. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This SQL Injection vulnerability can be detected by sending specially crafted requests to the vulnerable endpoint `/html/funcionario/dependente_remover.php` targeting the `id_dependente` parameter. A proof-of-concept payload such as `id_dependente=0 or sleep(5)` can be used to observe a measurable delay in the server response, confirming the presence of the vulnerability. For example, using curl to test the delay: `curl -X POST -d "id_dependente=0 or sleep(5)" https://yourserver/html/funcionario/dependente_remover.php` and measuring response time can indicate exploitation. Additionally, monitoring for unusual or malformed SQL queries in logs or using web application firewalls with SQLi detection rules can help detect attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the WeGIA software to version 3.4.8 or later, where the vulnerability has been patched. The patch includes proper input validation and sanitization of the `id_dependente` parameter, use of prepared statements to prevent SQL injection, improved session management, and exception handling. If updating immediately is not possible, applying similar input validation (e.g., validating `id_dependente` as an integer), using prepared statements for database queries, and restricting access to the vulnerable endpoint can reduce risk temporarily. [1, 2]