CNNVD-202510-269 Information
CNNVD ID
CNNVD-202510-269
Related CVE
-
CNNVD Published: 2025-10-02
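Description (translated from Chinese)
WeGIA is a web manager for welfare institutions by individual developer Nilson Lazarin. WeGIA 3.4.12 and earlier versions contain a security vulnerability. It arises because the delete operation for the Almoxarifado entity is exposed via HTTP GET and lacks cross-site request forgery protection, which may allow a third-party website to use the victim's authenticated session to trigger the operation.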
Description (English)
WeGIA is a web manager for welfare institutions, developed by the individual developer Nilson Lazarin. Versions 3.4.12 and earlier are vulnerable because the delete operation for the Almoxarifado entity is exposed through HTTP GET and has no cross-site request forgery (CSRF) protection. A third-party website could therefore trigger the operation through a victim's authenticated session.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
Individual developer
Published
2025-10-02
Last Modified
2026-02-24
References
https://github.com/LabRedesCefetRJ/WeGIA/commit/839de09798f61c9a76043bb2c4b3063d310c5aed
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-59hm-4m9h-ch3m
Patch
https://github.com/LabRedesCefetRJ/WeGIA/releases