Open Redirect Vulnerability in WeGIA Web Manager for Charitable Institutions
CVE-2026-35474

5.1 MEDIUM

Key Information:

Status
Vendor
CVE Published: 6 April 2026

What is CVE-2026-35474?

WeGIA, a web manager for charitable institutions, is vulnerable to open redirect attacks due to improper handling of input parameters. Prior to version 3.6.9, the application took the redirect parameter directly from the $_GET variable without performing any validation or whitelist check. An attacker can therefore manipulate the redirect location, potentially sending users to malicious websites without their noticing. The vulnerability is fixed in version 3.6.9, and upgrading to that version is recommended for all users.
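
The PHP below is an added example, not WeGIA's code or the fix shipped in 3.6.9: it shows the unvalidated pattern described above next to an allowlist check on the redirect target. The parameter name `redirect`, the allowlisted paths and the function name `safe_redirect_target` are assumptions for illustration.

```php
<?php
// Added example, not WeGIA code. The parameter name 'redirect' and the
// paths in ALLOWED_REDIRECTS are assumptions for illustration.

// Pattern described in the advisory: the value reaches Location unchecked.
//   header('Location: ' . $_GET['redirect']);

// Hypothetical allowlist of in-application destinations.
const ALLOWED_REDIRECTS = ['/home.php', '/profile.php', '/reports/index.php'];
const DEFAULT_REDIRECT  = '/home.php';

/**
 * Return the requested target if its path is on the allowlist,
 * otherwise the default page.
 */
function safe_redirect_target($requested): string
{
    if (!is_string($requested) || $requested === '') {
        return DEFAULT_REDIRECT;
    }
    // Reject control characters and backslashes before parsing.
    if (preg_match('/[\x00-\x1f\x7f\\\\]/', $requested)) {
        return DEFAULT_REDIRECT;
    }
    $parts = parse_url($requested);
    // A scheme or host means an absolute or protocol-relative URL.
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return DEFAULT_REDIRECT;
    }
    $path = $parts['path'] ?? '';
    if (!in_array($path, ALLOWED_REDIRECTS, true)) {
        return DEFAULT_REDIRECT;
    }
    // Rebuild from the allowlisted path; keep only the query string.
    return isset($parts['query']) ? $path . '?' . $parts['query'] : $path;
}

// In a request handler the checked value replaces the raw parameter:
//   header('Location: ' . safe_redirect_target($_GET['redirect'] ?? null));
//   exit;

// Constructed sample inputs showing what the check returns.
$samples = ['/profile.php?id=7', 'https://example.test/', '//example.test/x', '/unknown.php'];
foreach ($samples as $in) {
    printf("%-24s -> %s\n", $in, safe_redirect_target($in));
}
```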

Affected Version(s)

WeGIA < 3.6.9

CVSS V4

Score: 5.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved
