WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, an unsafe use of the `extract()` function on the `$_REQUEST` superglobal allows an unauthenticated attacker to overwrite local variables in multiple PHP scripts. This vulnerability can be leveraged to completely bypass authentication checks, allowing unauthorized access to administrative and protected areas of the WeGIA application. Version 3.6.5 fixes the issue.
The vulnerability results from unsafe invocation of the `extract()` function on the `$_REQUEST` array in multiple PHP scripts of the WeGIA application. The `extract()` function imports key-value pairs from an array as local variables, allowing an attacker to supply arbitrary HTTP parameters (GET or POST) and overwrite existing local variables in the script. In this way, an attacker can modify variables responsible for permission control and authentication state, effectively bypassing all identity verification mechanisms. The attack requires no authentication, user interaction, or special network conditions.
Attackers gain unauthorized access to WeGIA administrative panels and protected application areas. Consequently, it is possible to disclose, modify, or delete data processed by the application, which in the case of a charitable institution management system may result in leakage of sensitive beneficiary and donor data.
WeGIA should be updated to version 3.6.5 or newer, which removes the vulnerability. Details are available in the project's official security bulletin at the address indicated in the references.
WeGIA in versions prior to 3.6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HWegia
APPWegia< 3.6.5
Related vulnerabilities
SQL Injection w WeGIA — kompromitacja bazy danych przez parametr id_produto
Reflected XSS w WeGIA — wstrzyknięcie kodu przez parametr sccd
Reflected XSS w WeGIA — wstrzyknięcie kodu JS przez parametr GET
SQL Injection w WeGIA – nieautoryzowane wykonanie poleceń SQL
WeGIA – pominięcie uwierzytelnienia w adicionar_tipo_docs_atendido.php