Skip to main content

WeGIA CVE-2026-45335

| EUVD-2026-32566 MEDIUM
URL Redirection to Untrusted Site (Open Redirect) (CWE-601)
2026-05-27 security-advisories@github.com
PHP Open Redirect
5.4
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

2
Analysis Generated
May 27, 2026 - 21:07 vuln.today
Patch available
May 27, 2026 - 19:46 EUVD

DescriptionNVD

WeGIA is a web manager for charitable institutions. Prior to 3.7.3, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=InternoControle. The application fails to validate or restrict the nextPage parameter, allowing attackers to redirect users to arbitrary external websites. This can be abused for phishing attacks, credential theft, malware distribution, and social engineering using the trusted WeGIA domain. This vulnerability is fixed in 3.7.3.

AnalysisAI

Open redirect in WeGIA before version 3.7.3 enables authenticated attackers to weaponize the trusted WeGIA domain for phishing, credential harvesting, and malware distribution by manipulating the unvalidated nextPage parameter at the /WeGIA/controle/control.php endpoint. Affected deployments include any WeGIA instance running versions prior to 3.7.3 where the control endpoint is accessible to low-privileged authenticated users. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-45335 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy