WeGIA Open Redirect Vulnerability

Vulnerability

An open redirect vulnerability exists in WeGIA versions prior to 3.6.9. The 'redirect' parameter is read directly from the URL query string without any validation or allowlist check, and the unvalidated value is then written verbatim into the 'Location' response header. The application will therefore redirect the browser to whatever URL the parameter names, including hosts outside the WeGIA installation.

Impact

An attacker who can get a victim to open a crafted link to the trusted WeGIA host can have the victim forwarded to a site of the attacker's choosing, such as a phishing page that imitates the WeGIA login. Because the link starts with a legitimate domain it is more likely to pass casual inspection, which makes it useful for interfering with authentication processes and damages user trust in the WeGIA platform.

Reproduction

To reproduce this vulnerability, send a GET request to 'WeGIA/html/configuracao/atualizacao.php' with a 'redirect' query parameter set to an external URL. Because the value is not validated, the response carries that URL in its 'Location' header and the browser is redirected to it. Checking the raw response headers rather than following the redirect is enough to confirm the behaviour.

Remediation

Update to WeGIA version 3.6.9 or later, where this vulnerability has been patched. In general, a redirect target taken from a request should be restricted to relative paths on the same site, or checked against an allowlist of hosts, before it is placed in a 'Location' header; anything else should fall back to a fixed page.
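The following is an added illustration and not code from WeGIA. It models the flawed pattern the advisory describes (the 'redirect' query parameter copied straight into the 'Location' header) next to a hardened version that only redirects to a same-site path or an allowlisted host and otherwise falls back to a fixed page. The host name 'wegia.example', the fallback page '/html/home.php' and the query strings are assumptions made for the example; the logic is language-independent and is written in Python here rather than the project's PHP.

```python
"""Illustrative open-redirect handling; not WeGIA's own code.

vulnerable_location mirrors the flaw in the advisory: the `redirect`
query parameter goes into the Location header unchecked.
hardened_location validates the target first and falls back to a
fixed page when the target could take the browser off-site.
"""
from urllib.parse import parse_qs, urlsplit

# Assumed values for the example; the real application's host and
# fallback page are not given in the advisory.
ALLOWED_HOSTS = frozenset({"wegia.example"})
FALLBACK = "/html/home.php"


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """Return True only if `target` cannot take the browser off-site."""
    if not target or target != target.strip():
        return False  # empty, or whitespace that browsers would strip before parsing
    if any(ch in target for ch in "\r\n\\"):
        return False  # CRLF enables header injection; browsers treat '\' like '/'
    if target.startswith("//"):
        return False  # scheme-relative ('//evil', '////evil') leaves the site
    parts = urlsplit(target)
    if not parts.scheme and not parts.netloc:
        return True  # plain relative reference, resolved against this site
    if parts.scheme not in ("http", "https"):
        return False  # javascript:, data: and other non-web schemes
    # .hostname drops userinfo and port, so 'https://good@evil/' yields 'evil'
    return parts.hostname is not None and parts.hostname.lower() in allowed_hosts


def vulnerable_location(query_string):
    """Flawed pattern: whatever `redirect` says becomes the Location header."""
    params = parse_qs(query_string)
    target = params.get("redirect", [FALLBACK])[0]
    return "Location: " + target


def hardened_location(query_string):
    """Fixed pattern: validate the target, otherwise redirect to FALLBACK."""
    params = parse_qs(query_string)
    target = params.get("redirect", [FALLBACK])[0]
    return "Location: " + (target if is_safe_redirect(target) else FALLBACK)


if __name__ == "__main__":
    # Constructed query strings of the kind an attacker would put in a crafted link.
    for qs in (
        "redirect=/html/home.php",
        "redirect=//evil.example/login",
        "redirect=https://wegia.example@evil.example/",
        "redirect=/%5Cevil.example",  # decodes to /\evil.example
        "redirect=javascript:alert(1)",
    ):
        print(f"{qs!r:50} vulnerable -> {vulnerable_location(qs)!r:45} "
              f"hardened -> {hardened_location(qs)!r}")
```

Note that the check works on the decoded parameter value, so percent-encoded variants such as '%5C' or '%2F%2F' are caught after decoding, and that the hardened handler never echoes a rejected value back; it silently substitutes the fallback.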

Added: Apr 6, 2026, 10:21 PM
Updated: Apr 6, 2026, 10:21 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.2
exploitability: 5.6
remediation: 7.7
relevance: 5.4
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.