CVE-2024-57032
17.01.2025, 20:15
WeGIA < 3.2.0 is vulnerable to Incorrect Access Control in controle/control.php. The application does not validate the value of the old password, so it is possible to change the password by placing any value in the senha_antiga field.Enginsight
| Vendor | Product | Version |
|---|---|---|
| wegia | wegia | 𝑥 < 3.2.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-863 - Incorrect AuthorizationThe software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
- CWE-284 - Improper Access ControlThe software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.