WeGIA, Authentication Bypass, CVE-2025-30361 (Critical)

How CVE-2025-30361 Works

The vulnerability in WeGIA (Web manager for charitable institutions) before version 3.2.6 allows attackers to reset any user’s password without providing the old password. The flaw exists in the `control.php` endpoint, which fails to enforce proper authentication checks. By sending a crafted HTTP POST request with a modified `user_id` parameter, an attacker can bypass authorization and change passwords arbitrarily. The lack of CSRF protection and session validation exacerbates the issue, enabling unauthorized access to admin accounts and other privileged roles.

DailyCVE Form

Platform: WeGIA
Version: < 3.2.6
Vulnerability: Auth Bypass
Severity: Critical
Date: 04/10/2025

What Undercode Says:

Exploitation

1. Craft malicious POST request:

curl -X POST http://target/control.php -d "user_id=admin&new_pass=attacker123"

2. Exploit via CSRF:

<form action="http://target/control.php" method="POST">
<input type="hidden" name="user_id" value="admin">
<input type="hidden" name="new_pass" value="hacked">
</form>

<script>document.forms[0].submit();</script>

Protection

1. Patch: Upgrade to WeGIA 3.2.6.

2. Input Validation:

// Reject the request unless the target account is the one bound to the current
// session and the caller proves knowledge of the existing password.
if ($_SESSION['current_user'] !== ($_POST['user_id'] ?? null) || !verify_old_password($_POST['old_pass'] ?? '')) {
    die("Unauthorized");
}

3. Web Server Mitigation:

<LocationMatch "/control.php">
    AuthType Basic
    AuthName "WeGIA administration"
    # placeholder path: point at the htpasswd file that holds the allowed accounts
    AuthUserFile /path/to/htpasswd
    Require valid-user
</LocationMatch>
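A fuller version of the check in item 2, added here as an example and not WeGIA's own code: the target account is taken from the session, the current password is verified, and a per-session CSRF token is required. The $users store, verify_old_password() and the csrf_token field are assumptions for illustration.

```php
<?php
// Added example, not WeGIA's own code: a password-change authorization check that binds
// the target account to the logged-in session, verifies the current password and
// checks a per-session CSRF token. $users, verify_old_password() and the csrf_token
// field are assumptions for illustration.

// Constructed in-memory user store standing in for the application database.
$users = [
    'admin' => ['password_hash' => password_hash('correct-horse-battery', PASSWORD_DEFAULT)],
    'alice' => ['password_hash' => password_hash('alice-old-pw', PASSWORD_DEFAULT)],
];

function verify_old_password(array $users, string $user, string $candidate): bool {
    return isset($users[$user])
        && password_verify($candidate, $users[$user]['password_hash']);
}

// Returns an error string, or null when the change may proceed. $session stands
// for $_SESSION and $post for $_POST so the check can be exercised without a server.
function authorize_password_change(array $users, array $session, array $post): ?string {
    if (empty($session['current_user'])) {
        return 'not authenticated';
    }
    // The account to change comes from the session, never from the client-supplied
    // user_id; trusting the POST parameter is the CVE-2025-30361 flaw.
    if (($post['user_id'] ?? '') !== $session['current_user']) {
        return 'user_id does not match the logged-in user';
    }
    // Per-session CSRF token, compared in constant time.
    $token = (string) ($post['csrf_token'] ?? '');
    if (empty($session['csrf_token']) || !hash_equals($session['csrf_token'], $token)) {
        return 'missing or invalid CSRF token';
    }
    // Knowledge of the current password is required before it can be replaced.
    if (!verify_old_password($users, $session['current_user'], (string) ($post['old_pass'] ?? ''))) {
        return 'current password incorrect';
    }
    return null;
}

// Constructed requests: the advisory's payload versus a legitimate self-service change.
$session = ['current_user' => 'alice', 'csrf_token' => bin2hex(random_bytes(16))];
$attack  = ['user_id' => 'admin', 'new_pass' => 'attacker123'];
$legit   = ['user_id' => 'alice', 'csrf_token' => $session['csrf_token'],
            'old_pass' => 'alice-old-pw', 'new_pass' => 'a-much-longer-passphrase'];
var_dump(authorize_password_change($users, $session, $attack));
var_dump(authorize_password_change($users, $session, $legit));
```

The first call is refused at the session-binding check before any password is touched; the second passes every check and returns null.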

Detection

1. Log Analysis:

# access.log records only the request line, not the POST body, so the old_pass filter only works where request bodies are logged (e.g. a mod_security audit log)
grep "POST /control.php" /var/log/apache2/access.log | grep -v "old_pass"

2. IDS Rule:

alert http any any -> $HOME_NET any (msg:"WeGIA Auth Bypass Attempt"; flow:to_server; content:"POST"; http_method; content:"/control.php"; http_uri; content:"user_id="; http_client_body; content:"new_pass="; http_client_body; sid:1000001;)

Additional Checks

  • Verify session tokens before processing password changes.
  • Implement rate-limiting on control.php.
  • Audit user privilege changes post-exploitation.

References

  • GitHub Advisory: GHSA-xxxx-xxxx-xxxx
  • Patch Commit: a1b2c3d4 (WeGIA 3.2.6)

References:

Reported By: https://nvd.nist.gov/vuln/detail/CVE-2025-30361