PT-2025-5264 · Wegia · Wegia

Rafaelcorvino1 · Published 2025-01-21 · Updated 2025-02-13 · CVE-2025-24020

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: WeGIA versions up to and including 3.2.10
Description: WeGIA is a web manager for charitable institutions. An open redirect was identified in the control.php endpoint: the nextPage parameter is used as the redirect destination without any validation, so it accepts external URLs. An attacker who gets an authenticated user to follow a crafted link to control.php can therefore send that user to an arbitrary external site. Because the link points at the legitimate WeGIA host, the issue lends itself to phishing and to redirecting users to malicious websites.
Recommendations: For versions up to and including 3.2.10, update to version 3.2.11, which resolves the issue. As a temporary workaround, restrict access to the control.php endpoint, or validate the nextPage parameter so that only same-site paths (never absolute or protocol-relative URLs) are accepted as redirect destinations.
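The workaround above amounts to one check: the value of nextPage must resolve to a path on the WeGIA host before it is placed in a Location header. The following is an added example written for this page, not WeGIA's code (control.php is PHP; the logic is shown in Python so the checks are easy to read and test). The endpoint and parameter names come from the advisory; the fallback landing page, the allowlist and the sample requests are assumptions constructed for the example. It contrasts the unvalidated behaviour the advisory describes with a validator that rejects absolute URLs, protocol-relative and backslash variants that browsers still resolve off-site, and control characters that could split the header.

```python
"""Added example (not WeGIA's code): validating a nextPage redirect target.

Endpoint (control.php) and parameter (nextPage) names come from the advisory;
DEFAULT_PAGE, ALLOWED_PAGES and SAMPLE_REQUESTS are assumptions for this demo.
"""
from urllib.parse import urlsplit, urlunsplit

DEFAULT_PAGE = "/index.php"          # assumed fallback landing page
ALLOWED_PAGES = frozenset({          # assumed set of legitimate next pages
    "/index.php",
    "/home.php",
    "/html/pessoa/index.php",
})


def naive_redirect_target(next_page: str) -> str:
    """Models the behaviour the advisory describes: whatever the client sends
    in nextPage is used verbatim as the redirect destination."""
    return next_page


def safe_redirect_target(next_page, default=DEFAULT_PAGE, allowed_paths=None):
    """Return a same-site path suitable for a Location header, or ``default``.

    Rejects anything a browser could resolve to another origin (absolute URLs,
    protocol-relative //host, backslash variants, "https:host" without slashes)
    and anything that could break out of the header (control characters).
    With ``allowed_paths`` set, the path must additionally be on that allowlist.
    """
    if not next_page:
        return default
    # CR/LF or other control characters would let the value terminate the
    # Location header; refuse them rather than trying to strip them.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in next_page):
        return default
    # Browsers treat backslashes as slashes in http(s) URLs, so "/\evil.example"
    # is reached as "//evil.example"; normalise before parsing so the
    # netloc check below sees what the browser would see.
    candidate = next_page.replace("\\", "/")
    parts = urlsplit(candidate)
    # Any scheme (https:, javascript:, data:) or authority means off-site.
    if parts.scheme or parts.netloc:
        return default
    # Must be an absolute path on this site: exactly one leading slash.
    # "///evil.example" parses with an empty netloc but still resolves off-site.
    if not candidate.startswith("/") or candidate.startswith("//"):
        return default
    if allowed_paths is not None and parts.path not in allowed_paths:
        return default
    # Rebuild from path, query and fragment only; nothing else reaches Location.
    return urlunsplit(("", "", parts.path, parts.query, parts.fragment))


# Constructed sample values of ?nextPage= as they might arrive at control.php.
SAMPLE_REQUESTS = [
    "/home.php?tab=1",
    "https://evil.example/login",
    "//evil.example",
    "/\\evil.example",
    "javascript:alert(1)",
    "/home.php\r\nSet-Cookie: sid=attacker",
    "",
]


def compare(samples=SAMPLE_REQUESTS, allowed_paths=None):
    """Return (input, naive result, validated result) for each sample."""
    return [
        (s, naive_redirect_target(s), safe_redirect_target(s, allowed_paths=allowed_paths))
        for s in samples
    ]


if __name__ == "__main__":
    for raw, naive, safe in compare():
        print(f"{raw!r:42} naive -> {naive!r:42} validated -> {safe!r}")
```

In a PHP handler the equivalent change is to run the parameter through such a check before calling `header("Location: ...")`, and to prefer the allowlist form when the set of legitimate next pages is small and known, as it is for a login-then-continue flow.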

Weakness Enumeration

Open Redirect

Related Identifiers

CVE-2025-24020
GHSA-27G8-5Q48-XMW6

Affected Products

Wegia