PT-2025-13381 · Wegia · Wegia

Nmmorette · Published 2025-03-27 · Updated 2025-04-19 · CVE-2025-30361

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

WeGIA versions prior to 3.2.6

Description

A security issue was identified in WeGIA, a Web manager for charitable institutions, where it is possible to change a user's password without verifying the old password. This issue exists in the "control.php" endpoint and allows unauthorized attackers to bypass authentication and authorization mechanisms to reset the password of any user, including admin accounts.

Recommendations

For versions prior to 3.2.6, update to version 3.2.6 to resolve the issue. As a temporary workaround, consider restricting access to the "control.php" endpoint until the update is applied.

Exploit

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2025-30361
GHSA-M6QW-R3M9-JF7H

Affected Products

Wegia