← voltar
CVE-2025-61665

WeGIA: Broken Access Control in `get_relatorios_socios.php` Endpoint

CVSS 8.7 HIGHEPSS 0.5%CWE-200CWE-287
WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain a Broken Access Control vulnerability, identified in the get_relatorios_socios.php endpoint. This vulnerability allows unauthenticated attackers to directly access sensitive personal and financial information of members without requiring authentication or authorization. This issue is fixed in version 3.5.0.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:N
Produtos afetados
LabRedesCefetRJ · WeGIA

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/LabRedesCefetRJ/WeGIA/commit/828f23a6a760a52b8bb8bfd583cc2b23c42da51ehttps://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-62wp-6qmh-6p5f