LabRedesCefetRJ WeGIA
cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*
- <= 3.2.10
An open redirect vulnerability has been identified in the WeGIA application, specifically in the control.php endpoint of versions prior to 3.2.10. The nextPage parameter is not properly validated, which allows authenticated users to be redirected to arbitrary external URLs. As a result, this issue could be exploited for phishing attacks or to direct users to malicious websites. Unauthenticated users will receive a 'Client not authorized' message.
Exploitation of this vulnerability could lead to phishing attacks, where users are redirected to fake login pages, or to sites distributing malware. Additionally, it could damage the reputation of the WeGIA domain.
To reproduce this vulnerability, log into the WeGIA application and navigate to the control.php endpoint. Once there, use the nextPage parameter to specify a URL to which you want to be redirected. After submitting the request, you will be taken to the specified URL, demonstrating the open redirect vulnerability.
Users can update to WeGIA version 3.2.11, which addresses this vulnerability.
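To check whether the flaw was used before the update was installed, web-server access logs can be searched for control.php requests whose nextPage value points off the site. The following is an added example, not code from WeGIA or from this advisory; the log format, the `/control.php` URL prefix, the host names and the function names are assumptions, and the log lines are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines (combined log format); hosts, users and URL prefix are placeholders.
SAMPLE_LOG = """\
198.51.100.7 - alice [10/Mar/2025:09:14:02 +0000] "GET /control.php?nextPage=home.php HTTP/1.1" 302 0
198.51.100.7 - alice [10/Mar/2025:09:15:40 +0000] "GET /control.php?nextPage=https%3A%2F%2Flogin.attacker.example%2F HTTP/1.1" 302 0
203.0.113.9 - bob [10/Mar/2025:09:20:11 +0000] "GET /control.php?nextPage=%2F%2Fattacker.example%2Fa HTTP/1.1" 302 0
203.0.113.9 - bob [10/Mar/2025:09:21:37 +0000] "GET /control.php?nextPage=https%3A%2F%2Fwegia.example.org%2Fhome.php HTTP/1.1" 302 0
192.0.2.44 - - [10/Mar/2025:09:30:00 +0000] "GET /index.php?nextPage=https%3A%2F%2Fattacker.example%2F HTTP/1.1" 200 512
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')


def is_external(next_page, own_hosts):
    """True when following next_page would take a browser off own_hosts."""
    # Browsers read backslashes as slashes and ignore tab/CR/LF inside a URL.
    value = re.sub(r"[\t\r\n]", "", next_page.strip()).replace("\\", "/")
    parts = urlsplit(value)
    if parts.netloc:  # absolute (https://host/...) or scheme-relative (//host/...)
        return (parts.hostname or "").lower() not in own_hosts
    return False  # plain relative path such as home.php


def find_external_redirects(log_text, own_hosts):
    """Return (client, nextPage value, HTTP status) for each off-site nextPage."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target, status = match.groups()
        url = urlsplit(target)
        if not url.path.endswith("/control.php"):
            continue
        # parse_qs percent-decodes; only query-string values appear in access logs.
        for value in parse_qs(url.query).get("nextPage", []):
            if is_external(value, own_hosts):
                hits.append((client, value, int(status)))
    return hits


if __name__ == "__main__":
    for hit in find_external_redirects(SAMPLE_LOG, {"wegia.example.org"}):
        print(hit)
```

Pass the host names under which the deployment is actually served as `own_hosts`; a nextPage value sent in a POST body is not recorded in a standard access log and will not be found this way.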