WeGIA Open Redirect Vulnerability in Control.php Endpoint

Vulnerability

An open redirect vulnerability exists in the WeGIA application for charitable institutions, specifically in versions prior to 3.6.9. The issue is located in the /WeGIA/controle/control.php endpoint, where the nextPage parameter is not properly validated. This vulnerability allows attackers to redirect users to arbitrary external websites, potentially leading to phishing attacks, credential theft, malware distribution, and social engineering, all under the guise of a trusted WeGIA domain.

Impact

Exploitation can send users to phishing sites that steal credentials or to malicious sites that distribute malware, and it can support social engineering attacks, damaging trust in the WeGIA platform because the redirect originates from a legitimate WeGIA URL.

Reproduction

To reproduce this vulnerability, send a GET request to the /WeGIA/controle/control.php endpoint. Include the nomeClasse parameter set to EstoqueControle, the metodo parameter set to listarTodos, and the nextPage parameter with a URL of an external site, such as https://evil.com. The application will redirect to the URL specified in the nextPage parameter, bypassing validation.

Remediation

Users should update to WeGIA version 3.6.9 or later, where this vulnerability has been fixed.
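The underlying defect is a redirect target taken from a request parameter without an origin check. The following is an added example of the allow-list pattern a maintainer would apply before the Location header is emitted; it is not WeGIA's own code, and the function name and the /WeGIA/ path prefix are assumptions.

```php
<?php
// Added example (not WeGIA's own code): allow-list validation for a
// "nextPage"-style parameter before redirecting. safeNextPage() and the
// /WeGIA/ prefix are hypothetical.

/**
 * Return an in-application redirect target, or $default when the
 * supplied value could leave the application's origin.
 */
function safeNextPage(?string $candidate, string $default = '/WeGIA/home.php'): string
{
    if ($candidate === null || $candidate === '') {
        return $default;
    }
    // Normalise backslashes: browsers treat "/\evil.example" like "//evil.example".
    $candidate = str_replace('\\', '/', $candidate);

    // Reject anything carrying a scheme or host, which covers absolute URLs
    // ("https://evil.example"), protocol-relative ones ("//evil.example")
    // and non-HTTP schemes ("javascript:...").
    $parts = parse_url($candidate);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $default;
    }

    // Accept only a rooted path under the application and no traversal.
    $path = $parts['path'] ?? '';
    if (!preg_match('#^/WeGIA/[A-Za-z0-9_./-]*$#', $path) || strpos($path, '..') !== false) {
        return $default;
    }

    // Keep the query string; drop any fragment.
    return $path . (isset($parts['query']) ? '?' . $parts['query'] : '');
}

// Usage at the controller's redirect point:
// header('Location: ' . safeNextPage($_GET['nextPage'] ?? null));
// exit;
```

With this check an external value such as the one in the reproduction steps falls back to the default page, while in-application paths like /WeGIA/controle/control.php?nomeClasse=EstoqueControle pass through unchanged.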

Added: Apr 6, 2026, 9:19 PM
Updated: Apr 6, 2026, 9:19 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.2
exploitability: 5.6
remediation: 7.7
relevance: 5.4
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.