PT-2026-30735 · Wegia · Wegia
Dapickle
·
Published
2026-04-06
·
Updated
2026-04-06
·
CVE-2026-35398
CVSS v4.0
5.1
Medium
| AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
WeGIA versions prior to 3.6.9
Description
WeGIA is a Web manager for charitable institutions. An Open Redirect issue exists in the
/WeGIA/controle/control.php endpoint due to insufficient validation of the nextPage parameter when used with metodo=listarTodos & listarId Nome and nomeClasse=OrigemControle. This allows attackers to redirect users to arbitrary external websites, potentially leading to phishing attacks, credential theft, malware distribution, and social engineering leveraging the trusted WeGIA domain.Recommendations
Update WeGIA to version 3.6.9 or later.
Fix
Open Redirect
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wegia