WeGIA Open Redirect Vulnerability in control.php Endpoint

Vulnerability

An open redirect vulnerability has been identified in WeGIA, a web management application for Portuguese-speaking charitable organizations, in versions prior to 3.4.5. The issue arises in the control.php endpoint, where the nextPage parameter is used as a redirect destination without validation, so it can be manipulated to redirect users to arbitrary URLs. This creates potential for phishing, malware distribution, SEO spam, and credential harvesting.

Impact

Exploitation of this vulnerability can lead to phishing attacks, malware distribution, SEO spam, and credential harvesting, harming user security and the reputation of the affected website.

Reproduction

To reproduce this vulnerability, send a GET request to the control.php endpoint with the metodo, nomeClasse, and nextPage parameters, setting nextPage to an arbitrary URL such as http://127.0.0.1. The application responds with an uncontrolled redirection to the specified URL.

Remediation

Users can upgrade to WeGIA version 3.4.5 or later, where this vulnerability has been fixed.
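As an added illustration (not WeGIA's code and not the actual fix shipped in 3.4.5), the Python below shows the two controls a defender wants around a redirect parameter like nextPage: a validator that accepts only site-relative paths, and a check over web-server access log lines that flags control.php requests whose nextPage points off-site. The function names, the /control.php request path, the metodo and nomeClasse values, and the log lines are all constructed assumptions for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Destination used when nextPage is absent or rejected (constructed default).
SAFE_FALLBACK = "/"

# Whitespace and control characters have no place in a redirect target and
# are a common way to smuggle header injection or confuse URL parsers.
_BAD_CHARS = re.compile(r"[\s\x00-\x1f\x7f]")


def is_safe_redirect_target(next_page: str) -> bool:
    """Accept only same-site, path-absolute targets such as /home.php?tab=1.

    Rejects absolute URLs (http://...), protocol-relative URLs (//host/...),
    scheme-only tricks (javascript:..., http:host), backslash variants that
    some browsers treat as slashes, and anything containing control chars.
    """
    if not next_page or _BAD_CHARS.search(next_page):
        return False
    if "\\" in next_page:
        return False
    parts = urlsplit(next_page)
    # Any scheme or host means the target leaves the site.
    if parts.scheme or parts.netloc:
        return False
    # Must be path-absolute but not protocol-relative.
    return parts.path.startswith("/") and not parts.path.startswith("//")


def redirect_target_from_query(query_string: str) -> str:
    """Hypothetical hardened replacement for blindly redirecting to nextPage:
    return the requested page only when it passes validation."""
    params = parse_qs(query_string, keep_blank_values=True)
    candidate = params.get("nextPage", [""])[0]  # parse_qs already URL-decodes
    return candidate if is_safe_redirect_target(candidate) else SAFE_FALLBACK


# Matches the request line inside a common/combined access log entry.
_REQUEST_LINE = re.compile(r'"GET (?P<target>\S+) HTTP/[\d.]+"')


def flag_open_redirect_attempts(log_lines):
    """Return (request_target, nextPage) pairs for control.php requests whose
    nextPage would have sent the user off-site."""
    hits = []
    for line in log_lines:
        match = _REQUEST_LINE.search(line)
        if not match:
            continue
        target = match.group("target")
        parts = urlsplit(target)
        if not parts.path.endswith("/control.php"):
            continue
        params = parse_qs(parts.query, keep_blank_values=True)
        for value in params.get("nextPage", []):
            if not is_safe_redirect_target(value):
                hits.append((target, value))
    return hits


# Constructed sample log lines; parameter values are placeholders.
SAMPLE_LOG = [
    '10.0.0.5 - - [14/Jul/2025:23:23:00 +0000] "GET /control.php?metodo=x&nomeClasse=y&nextPage=/home.php HTTP/1.1" 302 0',
    '10.0.0.9 - - [14/Jul/2025:23:24:00 +0000] "GET /control.php?metodo=x&nomeClasse=y&nextPage=http://127.0.0.1 HTTP/1.1" 302 0',
    '10.0.0.9 - - [14/Jul/2025:23:25:00 +0000] "GET /control.php?metodo=x&nomeClasse=y&nextPage=//example.org/login HTTP/1.1" 302 0',
    '10.0.0.7 - - [14/Jul/2025:23:26:00 +0000] "GET /index.php HTTP/1.1" 200 1234',
]

if __name__ == "__main__":
    print(redirect_target_from_query("metodo=x&nomeClasse=y&nextPage=http://127.0.0.1"))
    for target, value in flag_open_redirect_attempts(SAMPLE_LOG):
        print("suspicious nextPage:", value, "in", target)
```

The validator deliberately refuses anything with a scheme or host instead of trying to allowlist hostnames, which is the simplest rule that cannot be bypassed by lookalike domains or userinfo tricks; if the application genuinely needs off-site redirects, map short keys to a fixed table of destinations rather than accepting a URL from the request.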

Added: Jul 14, 2025, 11:23 PM
Updated: Jul 14, 2025, 11:23 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.8
exploitability: 5.8
remediation: 7.7
relevance: 0.2
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.