← back
CVE-2025-53821

WeGIA vulnerable to Open Redirect in endpoint 'control.php' parameter 'nextPage'

CVSS 4.7 MEDIUMEPSS 0.2%CWE-601
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.7EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
14 Jul 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Open Redirect vulnerability exists in the web application prior to version 3.4.5. The control.php endpoint allows to specify an arbitrary URL via the `nextPage` parameter, leading to an uncontrolled redirection. Version 3.4.5 contains a fix for the issue.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Affected products
LabRedesCefetRJ · WeGIA

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-f5c2-jmm6-v2c5