WeGIA Broken Access Control Vulnerability in Reports Endpoint Allows Unauthenticated Data Access

Vulnerability

A broken access control vulnerability has been identified in WeGIA versions 3.4.12 and below. The 'get_relatorios_socios.php' endpoint performs no authentication or authorization check, so an unauthenticated attacker can retrieve sensitive personal and financial information about the organization's members (sócios). The exposed data includes full names, phone numbers, CPF (the Brazilian individual taxpayer ID number), financial amounts, email addresses, and membership status.

Impact

Exploitation of this vulnerability gives an unauthenticated attacker access to personally identifiable information (PII), including CPF numbers, phone numbers, email addresses, and financial data. Such a disclosure can facilitate fraud, social engineering, and identity theft. Because the data concerns natural persons in Brazil, its exposure may also constitute a violation of the LGPD (Lei Geral de Proteção de Dados) and other data protection laws.

Reproduction

To reproduce this vulnerability, send a GET request to the 'get_relatorios_socios.php' endpoint without any session cookie or other credential. Supply the query parameters 'tipo_socio', 'tipo_pessoa', 'operador', 'valor', 'tag', and 'status'. The endpoint responds with the requested member report, containing unredacted personal and financial information, instead of rejecting the request or redirecting to the login page.

Remediation

Users are advised to update to WeGIA version 3.5.0, where this vulnerability has been patched. After upgrading, confirm the fix by repeating the unauthenticated request from the Reproduction section: the endpoint should now deny the request (for example with an HTTP 401/403 response or a redirect to the login page) rather than returning member data. As a defense in depth, enforce a session check and role-based authorization on the reports endpoint itself, so that only authenticated users with a role entitled to member reports can reach the query, and fail closed with no response body when either check fails.
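As an added illustration of the reproduction and remediation points above (this is example code written for this page, not WeGIA's own source), the following PHP shows an unprotected report handler of the shape described, followed by a guarded version that authenticates the session, checks the caller's role, validates the filter parameters against an allow-list, and only then runs the query. The table and column names (socio, nome, cpf, ...), the session keys (id_usuario, papel), the role names, and the conexao.php include are assumptions made for the example and do not claim to match WeGIA's schema or code.

```php
<?php
// Added illustration, not WeGIA's own source. It models a report endpoint
// like get_relatorios_socios.php in its unprotected form and, next to it,
// the guarded form. Table/column names (socio, nome, cpf, ...), session keys
// (id_usuario, papel), role names and conexao.php are all assumptions.
declare(strict_types=1);

// --- Vulnerable shape: the query runs for whoever sends the GET request. ---
function relatorioSociosSemProtecao(PDO $pdo, array $get): array
{
    $stmt = $pdo->prepare(
        'SELECT nome, telefone, cpf, email, valor, status
           FROM socio
          WHERE tipo_socio = :tipo_socio AND tipo_pessoa = :tipo_pessoa'
    );
    $stmt->execute([
        ':tipo_socio'  => $get['tipo_socio']  ?? '',
        ':tipo_pessoa' => $get['tipo_pessoa'] ?? '',
    ]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);   // PII returned, no check at all
}

// --- Hardened shape: authenticate, authorize, validate, then query. ---
const PAPEIS_RELATORIO_SOCIOS = ['administrador', 'financeiro']; // assumed roles

function exigirSessaoAutenticada(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['id_usuario'])) {        // assumed session key
        http_response_code(401);                 // fail closed, no body
        exit;
    }
}

function exigirPapel(array $permitidos): void
{
    if (!in_array($_SESSION['papel'] ?? '', $permitidos, true)) { // assumed key
        http_response_code(403);
        exit;
    }
}

// Only an allow-listed operator is ever spliced into SQL; every value is bound.
function filtrosValidados(array $get): array
{
    $operador = $get['operador'] ?? '=';
    $status   = $get['status'] ?? 'ativo';
    if (!in_array($operador, ['=', '<', '>', '<=', '>='], true)
        || !in_array($status, ['ativo', 'inativo'], true)) {
        http_response_code(400);
        exit;
    }
    return [
        'tipo_socio'  => (string) ($get['tipo_socio']  ?? ''),
        'tipo_pessoa' => (string) ($get['tipo_pessoa'] ?? ''),
        'operador'    => $operador,
        'valor'       => (float) ($get['valor'] ?? 0),
        'tag'         => (string) ($get['tag'] ?? ''),
        'status'      => $status,
    ];
}

function relatorioSociosProtegido(PDO $pdo, array $get): array
{
    exigirSessaoAutenticada();                   // 401 if no session
    exigirPapel(PAPEIS_RELATORIO_SOCIOS);        // 403 if wrong role
    $f = filtrosValidados($get);                 // 400 if bad filter

    $sql = "SELECT nome, telefone, cpf, email, valor, status
              FROM socio
             WHERE tipo_socio = :tipo_socio
               AND tipo_pessoa = :tipo_pessoa
               AND valor {$f['operador']} :valor
               AND status = :status";
    $params = [
        ':tipo_socio'  => $f['tipo_socio'],
        ':tipo_pessoa' => $f['tipo_pessoa'],
        ':valor'       => $f['valor'],
        ':status'      => $f['status'],
    ];
    if ($f['tag'] !== '') {                      // optional tag filter
        $sql .= ' AND tag = :tag';
        $params[':tag'] = $f['tag'];
    }
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = require __DIR__ . '/conexao.php';        // assumed: returns the app's PDO
header('Content-Type: application/json');
echo json_encode(relatorioSociosProtegido($pdo, $_GET));
```

The important property is the ordering: the session and role checks run before any request parameter is read and before the database is touched, and each failure path returns a status code with an empty body, so an unauthenticated GET of the kind used in the Reproduction section gets a 401 instead of member records. A redirect to the login page is a common alternative for HTML pages, but for an endpoint that returns report data a bare 401/403 is easier to verify and does not leak whether the underlying query would have succeeded.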

Added: Oct 2, 2025, 9:17 PM
Updated: Oct 2, 2025, 9:17 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 6.0
remediation: 7.7
relevance: 0.6
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.