PT-2025-41822 · Wegia · Wegia

Marcelomulder · Published 2025-10-13 · Updated 2025-10-20 · CVE-2025-62361

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.5.0

Description: WeGIA is a Web Manager for Institutions focused on Portuguese language users. A flaw exists that allows redirection to arbitrary external domains via the nextPage parameter in the "control.php" endpoint (metodo=listarTodos, nomeClasse=AlmoxarifeControle). This can be used for phishing, distributing malicious payloads, or stealing user credentials.

Recommendations: Update to version 3.5.0 or later.
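
For defenders who want to check whether the redirect has been probed on an instance that is not yet upgraded, the following added example (not from the advisory or the WeGIA project) scans web access logs for control.php requests whose nextPage value points off-site. The log lines, the /control.php path, the host names and the function names are constructed for illustration; only query-string parameters are covered, since request bodies do not appear in access logs.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines (common log format); hosts and paths are placeholders.
Q = "/control.php?metodo=listarTodos&nomeClasse=AlmoxarifeControle&nextPage="
SAMPLE_LOG = [
    f'198.51.100.7 - - [14/Oct/2025:10:01:02 +0000] "GET {Q}..%2Fhtml%2Flisting.php HTTP/1.1" 302 0',
    f'203.0.113.9 - - [14/Oct/2025:10:04:40 +0000] "GET {Q}https%3A%2F%2Flogin.attacker.example%2F HTTP/1.1" 302 0',
    f'203.0.113.9 - - [14/Oct/2025:10:04:41 +0000] "GET {Q}%2F%2Fattacker.example%2Fpromo HTTP/1.1" 302 0',
    f'198.51.100.7 - - [14/Oct/2025:10:09:13 +0000] "GET {Q}https%3A%2F%2Fwegia.example%2Fhome.php HTTP/1.1" 302 0',
]

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def next_page_is_offsite(value, own_hosts=frozenset()):
    """Return True when a decoded nextPage value leaves the site."""
    # Browsers treat "\" as "/" and drop tab/CR/LF, so normalise before parsing.
    value = re.sub(r"[\t\r\n]", "", value.strip()).replace("\\", "/")
    try:
        parts = urlsplit(value)
    except ValueError:
        return True  # unparseable authority: report it for review
    if parts.hostname is None:
        return bool(parts.scheme)  # a scheme without a host is not a local page
    return parts.hostname.lower() not in own_hosts


def find_offsite_redirects(lines, own_hosts=frozenset()):
    """Return (client_ip, nextPage) for control.php requests that redirect off-site."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.endswith("/control.php"):
            continue
        for value in parse_qs(target.query).get("nextPage", []):
            if next_page_is_offsite(value, own_hosts):
                hits.append((line.split()[0], value))
    return hits


if __name__ == "__main__":
    for ip, value in find_offsite_redirects(SAMPLE_LOG, {"wegia.example"}):
        print(f"{ip} -> {value}")
```

Pass the instance's own host names as own_hosts so that absolute links back to the same site are not reported.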

Exploit

Fix

Open Redirect

Weakness Enumeration

Related Identifiers

CVE-2025-62361
GHSA-M99C-77F2-GPJX

Affected Products

Wegia