← voltar
CVE-2025-24020

WeGIA Open Redirect vulnerability

CVSS 4.8 MEDIUMEPSS 0.3%CWE-601
WeGIA is a Web manager for charitable institutions. An Open Redirect vulnerability was identified in the `control.php` endpoint of versions up to and including 3.2.10 of the WeGIA application. The vulnerability allows the `nextPage` parameter to be manipulated, redirecting authenticated users to arbitrary external URLs without validation. The issue stems from the lack of validation for the `nextPage` parameter, which accepts external URLs as redirection destinations. This vulnerability can be exploited to perform phishing attacks or redirect users to malicious websites. Version 3.2.11 contains a fix for the issue.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Produtos afetados
LabRedesCefetRJ · WeGIA

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/LabRedesCefetRJ/WeGIA/commit/89d98bf074cebf6c4ed95fca6f64e325c0b1d2f0https://github.com/LabRedesCefetRJ/WeGIA/releases/tag/v3.2.11https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-27g8-5q48-xmw6