Vulnerability Description
WeGIA is a Web manager for charitable institutions. An Open Redirect vulnerability was identified in the `control.php` endpoint of versions up to and including 3.2.10 of the WeGIA application. The vulnerability allows the `nextPage` parameter to be manipulated, redirecting authenticated users to arbitrary external URLs without validation. The issue stems from the lack of validation for the `nextPage` parameter, which accepts external URLs as redirection destinations. This vulnerability can be exploited to perform phishing attacks or redirect users to malicious websites. Version 3.2.11 contains a fix for the issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wegia | Wegia | < 3.2.11 |
Related Weaknesses (CWE)
References
- https://github.com/LabRedesCefetRJ/WeGIA/commit/89d98bf074cebf6c4ed95fca6f64e325Patch
- https://github.com/LabRedesCefetRJ/WeGIA/releases/tag/v3.2.11Release Notes
- https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-27g8-5q48-xmw6ExploitVendor Advisory
FAQ
What is CVE-2025-24020?
CVE-2025-24020 is a vulnerability with a CVSS score of 6.1 (MEDIUM). WeGIA is a Web manager for charitable institutions. An Open Redirect vulnerability was identified in the `control.php` endpoint of versions up to and including 3.2.10 of the WeGIA application. The vul...
How severe is CVE-2025-24020?
CVE-2025-24020 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-24020?
Check the references section above for vendor advisories and patch information. Affected products include: Wegia Wegia.