Cyber Posture

CVE-2024-57031

CriticalPublic PoC

Published: 17 January 2025

Published
17 January 2025
Modified
24 March 2025
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0044 63.3th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-57031 is a critical-severity SQL Injection (CWE-89) vulnerability in Wegia Wegia. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 36.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

SI-10 mandates validation of user inputs like the id_funcionario parameter to prevent SQL injection by ensuring malicious payloads are rejected.

SI-2 Flaw Remediation good match
prevent

SI-2 requires timely remediation of flaws such as this SQL injection vulnerability through patching to WeGIA 3.2.0 or later.

RA-5 Vulnerability Monitoring and Scanning good match
preventdetect

RA-5 employs vulnerability scanning to identify SQL injection flaws like CVE-2024-57031 and remediate them before exploitation.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1213.006 Databases Collection
Adversaries may leverage databases to mine valuable information.
attack.mitre.org →
Why these techniques?

SQL injection vulnerability in a web application enables exploitation of public-facing applications (T1190) and direct access to databases for data collection (T1213.006).

NVD Description

WeGIA < 3.2.0 is vulnerable to SQL Injection in /funcionario/remuneracao.php via the id_funcionario parameter.

Deeper analysisAI

CVE-2024-57031, published on 2025-01-17, is a SQL injection vulnerability (CWE-89) affecting WeGIA versions prior to 3.2.0. The issue is located in the /funcionario/remuneracao.php component, where the id_funcionario parameter fails to properly sanitize user input, allowing malicious SQL payloads to be injected into backend database queries.

The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity. A remote, unauthenticated attacker requires only network access and can exploit it with low complexity and no user interaction. Successful exploitation enables arbitrary SQL execution, potentially resulting in high-impact compromise of confidentiality, integrity, and availability, such as unauthorized data access, modification, deletion, or denial of service against the database.

Advisories recommend upgrading to WeGIA 3.2.0 or later to mitigate the vulnerability. Further technical details and proof-of-concept information are available in the research repository at https://github.com/nmmorette/vulnerability-research/tree/main/CVE-2024-57031, with additional context on the official site at https://www.wegia.org/.

Details

CWE(s)
CWE-89

Affected Products

wegia
wegia
≤ 3.2.0

CVEs Like This One

CVE-2025-30364Same product: Wegia Wegia
CVE-2026-31896Same product: Wegia Wegia
CVE-2025-24957Same product: Wegia Wegia
CVE-2024-57035Same product: Wegia Wegia
CVE-2026-23723Same product: Wegia Wegia
CVE-2025-23218Same product: Wegia Wegia
CVE-2025-30367Same product: Wegia Wegia
CVE-2026-33991Same product: Wegia Wegia
CVE-2025-26614Same product: Wegia Wegia
CVE-2025-26612Same product: Wegia Wegia

References