CVE-2026-35474

Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.6.9

Description WeGIA is a Web manager for charitable institutions. An open redirect issue exists in the WeGIA web application in versions prior to 3.6.9. The redirect parameter is directly taken from the $ GET request without any URL validation or whitelist checks, and is then used in a header("Location: ...") call. This allows an attacker to redirect users to arbitrary websites.

Recommendations Update to version 3.6.9 or later.