PT-2026-3311 · Wegia · Wegia

Volksec · Published 2026-01-16 · Updated 2026-01-16 · CVE-2026-23727

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

WeGIA versions prior to 3.6.2

Description

WeGIA is a web manager for charitable institutions. An Open Redirect issue exists in the /WeGIA/controle/control.php API endpoint, specifically through the nextPage parameter when used with metodo=listarTodos and nomeClasse=TipoSaidaControle. The application does not properly validate the nextPage parameter, which allows attackers to redirect users to malicious websites. This could be used for phishing attacks, stealing credentials, distributing malware, and social engineering, leveraging the trust associated with the WeGIA domain.

Recommendations

Update to version 3.6.2 or later.
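
For deployments that ran a version prior to 3.6.2, the following added example (not part of the advisory and not WeGIA code) scans web server access logs for control.php requests whose nextPage value points off-site. The trusted host name, the combined log format and the sample log entries are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

TRUSTED_HOST = "wegia.example.org"  # assumption: host users reach WeGIA on
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')  # combined log format

def is_offsite(target, trusted_host=TRUSTED_HOST):
    """Return True when a redirect target would leave trusted_host."""
    # Browsers read "\" as "/" and drop whitespace/control characters.
    cleaned = re.sub(r"[\x00-\x20]", "", target.replace("\\", "/"))
    try:
        parts = urlsplit(cleaned)
    except ValueError:  # malformed authority such as an unclosed "["
        return True
    if parts.scheme and parts.scheme not in ("http", "https"):
        return True  # javascript:, data: and similar
    if parts.netloc:  # absolute URL or scheme-relative //host
        return (parts.hostname or "").lower() != trusted_host
    return False  # plain relative path stays on the same origin

def suspicious_redirects(log_lines, trusted_host=TRUSTED_HOST):
    """Return (line_number, nextPage) pairs for off-site control.php redirects."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        path, _, query = match.group(1).partition("?")
        if not path.lower().endswith("/controle/control.php"):
            continue
        # parse_qs percent-decodes, so encoded targets are checked as well.
        for value in parse_qs(query).get("nextPage", []):
            if is_offsite(value, trusted_host):
                hits.append((number, value))
    return hits

PREFIX = "/WeGIA/controle/control.php?metodo=listarTodos&nomeClasse=TipoSaidaControle&nextPage="
SAMPLE_LOG = [  # constructed entries, not real traffic; paths are placeholders
    f'198.51.100.4 - - [16/Jan/2026:10:00:01 +0000] "GET {PREFIX}../html/placeholder.php HTTP/1.1" 302 0',
    f'203.0.113.7 - - [16/Jan/2026:10:02:13 +0000] "GET {PREFIX}https%3A%2F%2Fphish.example%2Flogin HTTP/1.1" 302 0',
    f'203.0.113.7 - - [16/Jan/2026:10:02:40 +0000] "GET {PREFIX}//phish.example/ HTTP/1.1" 302 0',
    '198.51.100.4 - - [16/Jan/2026:10:03:05 +0000] "GET /WeGIA/html/placeholder.php HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for number, value in suspicious_redirects(SAMPLE_LOG):
        print(f"line {number}: off-site nextPage -> {value}")
```

Only parameters sent in the query string appear in access logs; a nextPage value submitted in a POST body needs request-body logging or a WAF rule to be visible.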

Exploit

Fix

Open Redirect


Weakness Enumeration

Related Identifiers

CVE-2026-23727
GHSA-PMQ9-8P4W-M4F3

Affected Products

Wegia