Vulnerability Description
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=EstoqueControle. The application fails to validate or restrict the nextPage parameter, allowing attackers to redirect users to arbitrary external websites. This can be abused for phishing attacks, credential theft, malware distribution, and social engineering using the trusted WeGIA domain. This vulnerability is fixed in 3.6.9.
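The defensive pattern that closes this class of bug is to accept only in-application relative paths for a redirect parameter such as nextPage and fall back to a fixed page otherwise. The following is an added example written for this page, not code from the WeGIA project; the function name, the fallback path home.php and the controller snippet at the end are assumptions.

```php
<?php
// Added example, not WeGIA's code. Returns $nextPage only if it is a plain
// in-application path; any value that could send the browser elsewhere
// (absolute URL, scheme, protocol-relative "//host", header injection,
// traversal) is replaced by the fixed fallback $default.
function safeNextPage(?string $nextPage, string $default = 'home.php'): string
{
    if ($nextPage === null || $nextPage === '') {
        return $default;
    }
    // CR, LF or NUL in a Location header would allow header injection.
    if (preg_match('/[\r\n\0]/', $nextPage)) {
        return $default;
    }
    // Browsers treat "\" like "/" in URLs, so "/\evil.example" is "//evil.example".
    $candidate = str_replace('\\', '/', $nextPage);
    // Reject any scheme ("http:", "javascript:", "data:") and protocol-relative
    // targets ("//evil.example"), which a naive "starts with /" check lets through.
    if (preg_match('#^[a-z][a-z0-9+.-]*:#i', $candidate) || str_starts_with($candidate, '//')) {
        return $default;
    }
    $parts = parse_url($candidate);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host']) || isset($parts['user'])) {
        return $default;
    }
    $path = $parts['path'] ?? '';
    // Final gate: a non-empty path made only of safe characters, with no "..".
    if ($path === '' || str_contains($path, '..') || !preg_match('#^/?[A-Za-z0-9_./-]+$#', $path)) {
        return $default;
    }
    return $candidate;   // e.g. "/WeGIA/html/estoque.php?pagina=1" is kept as-is
}

// Assumed controller usage (shape only; not WeGIA's control.php):
// header('Location: ' . safeNextPage($_GET['nextPage'] ?? null, 'home.php'));
// exit;
```

Because the last check only admits path characters, an accepted value can never carry a host, so the redirect stays on the application's own origin.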
CVSS Score
6.1 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wegia | Wegia | < 3.6.9 |
Related Weaknesses (CWE)
References
- https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-h8wm-6xhv-r547 (Exploit, Vendor Advisory)
FAQ
What is CVE-2026-35472?
CVE-2026-35472 is a vulnerability with a CVSS score of 6.1 (MEDIUM). WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically thr...
How severe is CVE-2026-35472?
CVE-2026-35472 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-35472?
Check the references section above for vendor advisories and patch information. Affected products include: Wegia Wegia.