CVE-2026-23730

Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.6.2

Description WeGIA is a web manager for charitable institutions. An Open Redirect issue exists in the /WeGIA/controle/control.php endpoint, specifically through the nextPage parameter when used with metodo=listarTodos and nomeClasse=ProdutoControle. The application does not properly validate or restrict the nextPage parameter, which allows attackers to redirect users to arbitrary external websites. This could be used for phishing attacks, credential theft, malware distribution, and social engineering leveraging the trusted WeGIA domain.

Recommendations Update to version 3.6.2 or later.