PT-2026-30741 · Wegia · Wegia
Dapickle · Published 2026-04-06 · Updated 2026-04-06 · CVE-2026-35474
CVSS v4.0: 5.1 Medium
| AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
WeGIA versions prior to 3.6.9
Description
WeGIA is a Web manager for charitable institutions. An open redirect issue exists in the WeGIA web application in versions prior to 3.6.9. The redirect parameter is directly taken from the $_GET request without any URL validation or whitelist checks, and is then used in a header("Location: ...") call. This allows an attacker to redirect users to arbitrary websites.
Recommendations
Update to version 3.6.9 or later.
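For code that cannot be upgraded immediately, or for reviewing similar handlers, the following added example (not WeGIA source code and not the 3.6.9 patch) contrasts the pattern the description names with an allowlist check on the redirect parameter. The function names, the fallback path and the allowlisted host are assumptions.

```php
<?php
// Added illustration; not WeGIA code. Names and hosts below are assumptions.

// Pattern from the description: the request value is used as-is.
function redirect_target_unchecked(array $query): string
{
    return $query['redirect'] ?? '/';
}

// Hardened: accept a same-site path, or an https URL whose host is allowlisted.
function redirect_target_checked(array $query, array $allowedHosts, string $fallback = '/'): string
{
    $target = $query['redirect'] ?? '';
    if (!is_string($target) || $target === '') {
        return $fallback;
    }
    // Reject control characters and backslashes (browsers may read "\" as "/").
    if (preg_match('/[\x00-\x1f\x7f\\\\]/', $target)) {
        return $fallback;
    }
    // Same-site path: exactly one leading slash ("//host" is scheme-relative).
    if ($target[0] === '/') {
        return (strlen($target) > 1 && $target[1] === '/') ? $fallback : $target;
    }
    $parts = parse_url($target);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback;
    }
    if (strtolower($parts['scheme']) !== 'https' || isset($parts['user']) || isset($parts['pass'])) {
        return $fallback;
    }
    return in_array(strtolower($parts['host']), $allowedHosts, true) ? $target : $fallback;
}

// Constructed sample inputs, compared side by side.
$allowed = ['intranet.example.org'];          // assumed allowlist
$samples = [
    '/html/home.php',
    'https://intranet.example.org/docs',
    'https://other.example/login',
    '//other.example/login',
    'https://intranet.example.org@other.example/',
];
foreach ($samples as $value) {
    $q = ['redirect' => $value];
    printf("%-45s unchecked=%-45s checked=%s\n", $value,
        redirect_target_unchecked($q), redirect_target_checked($q, $allowed));
}
// In a handler: header('Location: ' . redirect_target_checked($_GET, $allowed)); exit;
```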
Fix
Open Redirect
Affected Products
Wegia