Unrated severityNVD Advisory· Published Jan 21, 2025· Updated Feb 12, 2025

WeGIA Open Redirect vulnerability

CVE-2025-24020

Description

WeGIA is a Web manager for charitable institutions. An Open Redirect vulnerability was identified in the control.php endpoint of versions up to and including 3.2.10 of the WeGIA application. The vulnerability allows the nextPage parameter to be manipulated, redirecting authenticated users to arbitrary external URLs without validation. The issue stems from the lack of validation for the nextPage parameter, which accepts external URLs as redirection destinations. This vulnerability can be exploited to perform phishing attacks or redirect users to malicious websites. Version 3.2.11 contains a fix for the issue.

Affected products

LabRedesCefetRJ/Wegiav5
Range: < 3.2.11

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/LabRedesCefetRJ/WeGIA/commit/89d98bf074cebf6c4ed95fca6f64e325c0b1d2f0mitrex_refsource_MISC
github.com/LabRedesCefetRJ/WeGIA/releases/tag/v3.2.11mitrex_refsource_MISC
github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-27g8-5q48-xmw6mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000