Open Redirect Vulnerability in WeGIA Web Manager for Charitable Institutions
CVE-2026-23730
4.8 MEDIUM
What is CVE-2026-23730?
An Open Redirect vulnerability exists in WeGIA prior to version 3.6.2, in the /WeGIA/controle/control.php endpoint. The endpoint does not properly validate the nextPage parameter when it is supplied together with specific query parameters, which allows attackers to redirect users to arbitrary external websites. The flaw can be used for phishing, credential theft, and malware distribution, because the redirect leverages the trust users place in the WeGIA domain. Update to version 3.6.2 or later to mitigate these risks.
Affected Version(s)
WeGIA < 3.6.2
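
To check whether an unpatched instance has already been used this way, the following added example (not code from the advisory or from the WeGIA project) scans web server access logs for requests to the affected endpoint whose nextPage value points off-site. The trusted hostname, the log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/WeGIA/controle/control.php"  # endpoint named in the advisory
TRUSTED_HOSTS = {"wegia.example.org"}     # assumption: hostname(s) of your own deployment
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines in common log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2026:10:00:01 +0000] "GET /WeGIA/controle/control.php?nextPage=../html/home.php HTTP/1.1" 302 0
203.0.113.9 - - [10/Jan/2026:10:00:05 +0000] "GET /WeGIA/controle/control.php?a=1&nextPage=https%3A%2F%2Flogin.attacker.example%2F HTTP/1.1" 302 0
198.51.100.4 - - [10/Jan/2026:10:01:12 +0000] "GET /WeGIA/controle/control.php?nextPage=//files.example.net/a HTTP/1.1" 302 0
198.51.100.8 - - [10/Jan/2026:10:02:30 +0000] "GET /WeGIA/controle/control.php?nextPage=https://wegia.example.org/WeGIA/html/home.php HTTP/1.1" 302 0
192.0.2.55 - - [10/Jan/2026:10:03:00 +0000] "GET /WeGIA/html/home.php?nextPage=https://other.example/ HTTP/1.1" 200 512
"""


def next_page_host(value):
    """Return the host a nextPage value points at, or None if it is a relative path."""
    # Browsers treat "\" like "/", so normalise before parsing.
    parts = urlsplit(value.strip().replace("\\", "/"))
    if not parts.netloc:
        return None
    return parts.hostname or parts.netloc


def find_external_redirects(log_text, trusted=TRUSTED_HOSTS):
    """Return (client_ip, target_host) for endpoint requests whose nextPage leaves the trusted hosts."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if target.path != ENDPOINT:
            continue
        # parse_qs percent-decodes the value once, as the server would.
        for value in parse_qs(target.query).get("nextPage", []):
            host = next_page_host(value)
            if host and host not in trusted:
                hits.append((line.split()[0], host))
    return hits


if __name__ == "__main__":
    for ip, host in find_external_redirects(SAMPLE_LOG):
        print(f"{ip} -> {host}")
```

Access logs record only the query string, so a nextPage value sent in a POST body will not appear in this scan.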
