CVE-2025-53938
HIGH 7.5
Description
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Authentication Bypass vulnerability was identified in the `/dao/verificar_recursos_cargo.php` endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows unauthenticated users to access protected application functionalities and retrieve sensitive information by sending crafted HTTP requests without any session cookies or authentication tokens. Version 3.4.5 fixes the issue.
CVE Details
CVSS v3.1 score: 7.5
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 7/16/2025
Last modified: 7/25/2025
Source: nvd
Honeypot sightings: 0
Affected products
wegia:wegia
Weaknesses (CWE)
CWE-306
References
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-6p76-7mm4-j5rj (security-advisories@github.com)
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-6p76-7mm4-j5rj (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.