CVE-2026-23728

Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.6.2

Description WeGIA is a web manager for charitable institutions. An Open Redirect issue exists in the /WeGIA/controle/control.php API endpoint, specifically through the nextPage parameter when used with metodo=listarTodos and nomeClasse=DestinoControle. The application does not properly validate or restrict the nextPage parameter, which allows attackers to redirect users to arbitrary external websites. This could be leveraged for phishing attacks, credential theft, malware distribution, and social engineering using the trusted WeGIA domain.

Recommendations Update WeGIA to version 3.6.2 or later.