WeGIA Open Redirect Vulnerability in Control.php Endpoint

Vulnerability

An open redirect vulnerability exists in WeGIA, a web application for managing charitable institutions, in versions prior to 3.6.9. The flaw is in the /WeGIA/controle/control.php endpoint, which uses the nextPage parameter as a redirect target without validating it. An attacker who gets a user to open a crafted link to this endpoint can send the user's browser to an arbitrary external site, which supports phishing, credential theft, malware distribution and social engineering, all starting from a link on the trusted WeGIA domain.

Impact

Because the crafted link begins on the legitimate WeGIA host, it is more likely to be trusted by users and to pass simple link-reputation checks. An attacker can chain it to a fake WeGIA login page to harvest credentials, or to a site hosting malware. Successful abuse also damages user trust in the WeGIA platform.

Reproduction

To reproduce this vulnerability, send a GET request to /WeGIA/controle/control.php with the nomeClasse parameter set to OrigemControle, the metodo parameter set to listarTodos or listarId_Nome, and the nextPage parameter set to the URL of an external site, for example:

/WeGIA/controle/control.php?nomeClasse=OrigemControle&metodo=listarTodos&nextPage=https://evil.com

On an affected version the application redirects the browser to https://evil.com instead of rejecting the value.

Remediation

Update to WeGIA version 3.6.9 or later, where this vulnerability has been fixed. After upgrading, re-run the request from the Reproduction section and confirm that the application no longer redirects to the external site.
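The following is an added example, not WeGIA's code: it shows the vulnerable shape the advisory describes (an unvalidated nextPage value written into a Location header) next to a validator that a fix could use. The function names, the fallback page, the placeholder host in the comment and the sample inputs are assumptions; only the endpoint and parameter names come from the advisory.

```php
<?php
declare(strict_types=1);

/*
 * Added example, not WeGIA's code. Function names, the fallback page and the
 * host in the curl line are illustrative. The vulnerable shape is inferred from
 * the advisory: nextPage reaches a redirect without validation.
 *
 * Reproduction request from the advisory (host is a placeholder):
 *   curl -sI 'https://wegia.example/WeGIA/controle/control.php?nomeClasse=OrigemControle&metodo=listarTodos&nextPage=https://evil.com'
 * An affected build redirects to https://evil.com.
 */

// Vulnerable shape: the attacker-controlled value goes straight into Location.
function redirectVulnerable(string $nextPage): void
{
    header('Location: ' . $nextPage);
    exit;
}

/**
 * Return $nextPage only if it is a local path on this site; otherwise $fallback.
 *
 * Rejects absolute URLs (https://evil.com), scheme-only tricks (javascript:,
 * https:evil.com), protocol-relative forms (//evil.com, ///evil.com), backslash
 * variants browsers treat as an authority (/\evil.com), and control characters
 * (a tab inside "/\t/evil.com" is stripped by browsers, leaving //evil.com;
 * CR/LF would allow header injection).
 */
function safeNextPage(?string $nextPage, string $fallback = '/WeGIA/html/home.php'): string
{
    if ($nextPage === null || $nextPage === '') {
        return $fallback;
    }
    if (preg_match('/[\x00-\x1F\x7F]/', $nextPage) === 1) {
        return $fallback;
    }
    if (strpos($nextPage, '\\') !== false || substr($nextPage, 0, 2) === '//') {
        return $fallback;
    }
    $parts = parse_url($nextPage);
    if ($parts === false
        || isset($parts['scheme'])
        || isset($parts['host'])
        || isset($parts['user'])
        || isset($parts['port'])) {
        return $fallback;
    }
    return $nextPage;
}

// Hardened shape: only a validated local path ever reaches the Location header.
// In a controller this would be called as redirectHardened($_GET['nextPage'] ?? null);
function redirectHardened(?string $nextPage): void
{
    header('Location: ' . safeNextPage($nextPage), true, 303);
    exit;
}

// Self-check, constructed inputs: run with `php this_file.php`.
if (PHP_SAPI === 'cli') {
    $fallback = '/WeGIA/html/home.php';
    $cases = [
        'https://evil.com'                  => $fallback,
        'https:evil.com'                    => $fallback,
        '//evil.com'                        => $fallback,
        '///evil.com'                       => $fallback,
        '/\\evil.com'                       => $fallback,
        "/\t/evil.com"                      => $fallback,
        'javascript:alert(1)'               => $fallback,
        ''                                  => $fallback,
        '/WeGIA/html/origem/lista.php?x=1'  => '/WeGIA/html/origem/lista.php?x=1',
    ];
    foreach ($cases as $input => $expected) {
        $got = safeNextPage($input);
        printf("%-36s -> %s %s\n",
            json_encode($input, JSON_UNESCAPED_SLASHES), $got, $got === $expected ? 'ok' : 'FAIL');
    }
}
```

The validator accepts any path-only value so existing relative nextPage values keep working; a stricter fix would compare the value against an allowlist of known page names instead of parsing it.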

Added: Apr 6, 2026, 9:21 PM
Updated: Apr 6, 2026, 9:21 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.2
exploitability: 5.6
remediation: 7.7
relevance: 5.4
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.