QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2025-24020

Back to search

CVE-2025-24020

Published: Jan 21, 2025

Modified: Feb 12, 2025

PUBLISHED

Description

WeGIA is a Web manager for charitable institutions. An Open Redirect vulnerability was identified in the `control.php` endpoint of versions up to and including 3.2.10 of the WeGIA application. The vulnerability allows the `nextPage` parameter to be manipulated, redirecting authenticated users to arbitrary external URLs without validation. The issue stems from the lack of validation for the `nextPage` parameter, which accepts external URLs as redirection destinations. This vulnerability can be exploited to perform phishing attacks or redirect users to malicious websites. Version 3.2.11 contains a fix for the issue.

VendorProductVersions

LabRedesCefetRJ

WeGIA

affected
< 3.2.11

Weaknesses (CWE)

CWE-601

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now