CVE-2026-35396

Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.6.9

Description WeGIA is a Web manager for charitable institutions. An Open Redirect issue exists in the /WeGIA/controle/control.php endpoint through the nextPage parameter when used with metodo=listarId and nomeClasse=IsaidaControle. The application does not properly validate the nextPage parameter, potentially redirecting users to malicious external websites. This could be leveraged for phishing, credential theft, malware distribution, and social engineering attacks using the WeGIA domain.

Recommendations Update WeGIA to version 3.6.9 or later.