QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2026-23729

Back to search

CVE-2026-23729

Published: Jan 16, 2026

Modified: Jan 16, 2026

PUBLISHED

Description

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarDescricao and nomeClasse=ProdutoControle. The application fails to validate or restrict the nextPage parameter, allowing attackers to redirect users to arbitrary external websites. This can be abused for phishing attacks, credential theft, malware distribution, and social engineering using the trusted WeGIA domain. This vulnerability is fixed in 3.6.2.

VendorProductVersions

LabRedesCefetRJ

WeGIA

affected
< 3.6.2

Weaknesses (CWE)

CWE-601

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now
CVE-2026-23729 - Security Vulnerability | QwikSec