CVE-2026-35475

Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.6.9

Description WeGIA is a Web manager for charitable institutions. Prior to version 3.6.9, the redirect parameter is directly taken from the $ GET request without any URL validation or whitelist check. This parameter is then used directly in a header("Location: ...") call. This could allow an attacker to redirect users to a malicious website.

Recommendations Update WeGIA to version 3.6.9 or later.