WeGIA Open Redirect Vulnerability in Control.php Endpoint

Vulnerability

An open redirect vulnerability exists in the WeGIA application for charitable institutions in versions prior to 3.6.9. The issue is located in the /WeGIA/controle/control.php endpoint, where the nextPage parameter is not properly validated. This allows attackers to redirect users to arbitrary external websites, potentially leading to phishing, credential theft, malware distribution, and social engineering, all while appearing to originate from a trusted WeGIA domain.

Impact

Exploitation of this vulnerability can redirect users to phishing sites that steal credentials or to malicious websites that distribute malware, and it can support social engineering attacks, damaging trust in the WeGIA platform.

Reproduction

To reproduce this vulnerability, send a GET request to the /WeGIA/controle/control.php endpoint. Include the nomeClasse parameter set to 'IentradaControle', the metodo parameter set to 'listarId', and the nextPage parameter set to the URL of an external site. The request is processed without validation of the nextPage parameter, so the redirect to the external site occurs.

Remediation

Users can update to WeGIA version 3.6.9 or later, where this vulnerability has been fixed.
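The root cause described above is a redirect target taken straight from a request parameter. The following PHP is an added example, not WeGIA's own code or its actual fix: a helper that accepts a nextPage-style value only when it is a same-origin absolute path and otherwise falls back to a landing page. The function name safeRedirectTarget and the /WeGIA/ fallback path are assumptions for illustration.

```php
<?php
// Added example, not WeGIA's own code. Illustrates validating a "nextPage"-style
// redirect parameter so it can only point back into the application.
// Assumption (not from the advisory): the application lives under /WeGIA/,
// so /WeGIA/ is used as the fallback landing page.

/**
 * Return a redirect target that stays on the current origin.
 * Anything that could leave the application is replaced by $fallback.
 */
function safeRedirectTarget(?string $next, string $fallback = '/WeGIA/'): string
{
    if ($next === null || trim($next) === '') {
        return $fallback;
    }

    // A scheme prefix ("https:", "javascript:", "data:") means an absolute or
    // non-HTTP URL; a leading "//" or "/\" is a protocol-relative URL that
    // browsers resolve against another host.
    if (preg_match('#^[a-zA-Z][a-zA-Z0-9+.-]*:#', $next)
        || preg_match('#^[/\\\\]{2}#', $next)) {
        return $fallback;
    }

    // Control characters (including CR/LF, which could inject response headers)
    // and backslashes (which some browsers treat as slashes) are never legitimate here.
    if (preg_match('/[\x00-\x1F\x7F\\\\]/', $next)) {
        return $fallback;
    }

    // A same-origin path parsed with parse_url() must yield neither scheme nor host.
    $parts = parse_url($next);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $fallback;
    }

    // Require an absolute path so the destination is unambiguous.
    $path = $parts['path'] ?? '';
    if ($path === '' || $path[0] !== '/') {
        return $fallback;
    }

    return $next;
}

if (PHP_SAPI === 'cli') {
    // Constructed sample inputs: the first two are legitimate in-app paths,
    // the rest are the shapes an open-redirect attempt typically takes.
    $samples = [
        '/WeGIA/controle/control.php?nomeClasse=IentradaControle&metodo=listarId',
        '/WeGIA/',
        'https://attacker.example/login',
        '//attacker.example/login',
        '/\\attacker.example',
        'javascript:void(0)',
        "/WeGIA/\r\nSet-Cookie: x=y",
        '',
    ];
    foreach ($samples as $s) {
        printf("%-75s -> %s\n", json_encode($s), safeRedirectTarget($s));
    }
} else {
    // Vulnerable pattern this replaces (illustrative):
    //   header('Location: ' . $_GET['nextPage']);
    header('Location: ' . safeRedirectTarget($_GET['nextPage'] ?? null), true, 302);
    exit;
}
```

Run from the command line, the script prints how each constructed sample is classified; served by a web server, it performs the validated redirect. Relative paths without a leading slash are deliberately rejected to keep the rule simple; if redirects to other trusted hosts are required, extend the check with an explicit host allowlist rather than relaxing the scheme and authority tests.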

Added: Apr 6, 2026, 10:22 PM
Updated: Apr 6, 2026, 10:22 PM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          0.2
exploitability  5.6
remediation     7.7
relevance       5.4
threat          6.4
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.