CVE-2024-57032

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.2.0

Description The issue concerns an incorrect access control in the controle/control.php file. Specifically, the application fails to validate the value of the old password, allowing password changes by entering any value in the senha antiga field.

Recommendations For versions prior to 3.2.0, update to version 3.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the controle/control.php file or disabling password change functionality until a patch is applied. Avoid using the senha antiga field in the affected API endpoint until the issue is resolved.

Exploit

Fix

Improper Access Control

Incorrect Default Permissions

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-276CWE-863

Related Identifiers

CVE-2024-57032

Affected Products

Wegia

CVE-2024-57032

Weakness Enumeration

Related Identifiers

Affected Products

References · 7