4 matches found
CVE-2025-30361
WeGIA is a Web manager for charitable institutions. A security vulnerability was identified in versions prior to 3.2.6, where it is possible to change a user's password without verifying the old password. This issue exists in the control.php endpoint and allows unauthorized attackers to bypass...
CVE-2025-30361
WeGIA is a Web manager for charitable institutions. A security vulnerability was identified in versions prior to 3.2.6, where it is possible to change a user's password without verifying the old password. This issue exists in the control.php endpoint and allows unauthorized attackers to bypass...
CVE-2025-30367
WeGIA (web manager for charitable institutions) has a SQL injection in the nextPage parameter of /WeGIA/controle/control.php for versions before 3.2.6. The root cause is unsafeguarded SQL query construction, allowing attackers to access database metadata and sensitive data. Version 3.2.6 contains...
CVE-2025-30361 WeGIA Vulnerable to Broken Authentication - Old Password Validation
WeGIA is a Web manager for charitable institutions. A security vulnerability was identified in versions prior to 3.2.6, where it is possible to change a user's password without verifying the old password. This issue exists in the control.php endpoint and allows unauthorized attackers to bypass...