CVE-2026-35472

Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.6.9

Description The WeGIA application, a web manager for charitable institutions, contains an Open Redirect flaw in the /WeGIA/controle/control.php endpoint. The issue stems from insufficient validation of the nextPage parameter when used with metodo=listarTodos and nomeClasse=EstoqueControle, allowing attackers to redirect users to arbitrary external websites. This can be leveraged for phishing attacks, credential theft, malware distribution, and social engineering attacks using the trusted WeGIA domain.

Recommendations Update to version 3.6.9 or later.