PT-2026-30740 · Wegia · Wegia
Dapickle
·
Published
2026-04-06
·
Updated
2026-04-06
·
CVE-2026-35473
CVSS v4.0
5.1
Medium
| AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
WeGIA versions prior to 3.6.9
Description
The WeGIA application, a web manager for charitable institutions, contains an Open Redirect flaw in the
/WeGIA/controle/control.php endpoint. The issue stems from insufficient validation of the nextPage parameter when used with metodo=listarId and nomeClasse=IentradaControle, enabling attackers to redirect users to malicious external websites. This could be leveraged for phishing, credential theft, malware distribution, and social engineering attacks using the trusted WeGIA domain.Recommendations
Update to version 3.6.9 or later.
Fix
Open Redirect
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wegia