- Description
- WeGIA is a Web manager for charitable institutions. A security vulnerability was identified in versions prior to 3.2.6, where it is possible to change a user's password without verifying the old password. This issue exists in the control.php endpoint and allows unauthorized attackers to bypass authentication and authorization mechanisms to reset the password of any user, including admin accounts. Version 3.2.6 fixes the issue.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 9.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
- security-advisories@github.com
- CWE-287
- Hype score
- Not currently trending
CVE-2025-30361 identified in WeGIA Web manager, apply security patches.
@LeBraunneZen
29 Mar 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Defend against CVE-2025-30361 with regular system updates and security measures
@LeBraunneZen
29 Mar 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Mitigate CVE-2025-30361 by updating WeGIA to version 2.1.6
@LeBraunneZen
28 Mar 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Protect your systems from CVE-2025-30361, apply latest security patches immediately for enhanced security
@LeBraunneZen
28 Mar 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Update systems to mitigate CVE-2025-30361 risks now.
@LeBraunneZen
28 Mar 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Update systems to mitigate CVE-2025-30361 risks.
@LeBraunneZen
27 Mar 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes