Platform: php
Component: wegia
Fixed in: 3.6.10
CVE-2026-35398 describes an Open Redirect vulnerability affecting WeGIA, a web manager for charitable institutions. This flaw allows attackers to redirect users to malicious websites through manipulation of the 'nextPage' parameter within the /WeGIA/controle/control.php endpoint. Versions of WeGIA prior to 3.6.9 are vulnerable, and a patch is available in version 3.6.9.
CVE-2026-35398 in WeGIA, a web manager for charitable institutions, is an open redirect vulnerability. Prior to version 3.6.9, the /WeGIA/controle/control.php endpoint let an attacker use the 'nextPage' parameter to send users to an arbitrary external website. The redirect is triggered by combining metodo=listarTodos (or metodo=listarId_Nome) and nomeClasse=OrigemControle with a malicious value in 'nextPage'. The primary impact is phishing: users who arrive on an attacker-controlled page that imitates WeGIA may reveal credentials or other sensitive information while believing they are interacting with the legitimate application. The root cause is that the 'nextPage' value is not validated before the redirect is issued, so an attacker can build a deceptive link that begins with the genuine WeGIA host and path.
An attacker could exploit this vulnerability by constructing a URL in which 'nextPage' points to a site they control, for example /WeGIA/controle/control.php?nextPage=http://attacker.com/phishing&metodo=listarTodos&nomeClasse=OrigemControle, which redirects the user to attacker.com/phishing. Such a URL could be distributed through phishing emails, social media, or other channels. Because the link starts with the real WeGIA address, and the destination can be styled to look like the WeGIA login page, users are more likely to trust it and enter their credentials.
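The fix for an open redirect is to validate the redirect target before it reaches the Location header. The following is an added, self-contained PHP example, not WeGIA's own control.php, showing a simplified version of the vulnerable pattern next to a hardened helper; the application path prefix /WeGIA/ and the fallback page /WeGIA/index.php are assumptions for illustration.

```php
<?php
// Added example (hypothetical, not WeGIA's code): validating a 'nextPage'
// redirect target so it can only point inside the application.

// Vulnerable pattern: the request-supplied value goes straight into the
// Location header, so any absolute URL sends the browser off-site.
function redirectTargetUnsafe(string $nextPage): string
{
    return $nextPage; // what a vulnerable handler would pass to header('Location: ...')
}

/**
 * Return a same-origin redirect target derived from $nextPage, or $fallback
 * when the value is not an acceptable in-app path.
 */
function safeNextPage(?string $nextPage, string $fallback = '/WeGIA/index.php'): string
{
    if ($nextPage === null || $nextPage === '') {
        return $fallback;
    }
    // Reject control characters (CR/LF would allow header injection).
    if (preg_match('/[\x00-\x1F\x7F]/', $nextPage)) {
        return $fallback;
    }
    // Browsers treat a backslash like a forward slash in the authority
    // part, so normalise before inspecting the leading characters.
    $candidate = str_replace('\\', '/', $nextPage);

    // Allow only a single-slash absolute path: this excludes any scheme
    // ("http:", "javascript:") and protocol-relative "//host" forms.
    if ($candidate[0] !== '/' || (isset($candidate[1]) && $candidate[1] === '/')) {
        return $fallback;
    }
    $parts = parse_url($candidate);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host']) || isset($parts['user'])) {
        return $fallback;
    }
    // Confine the target to the application's own path prefix (assumed /WeGIA/)
    // and refuse path traversal segments.
    $path = $parts['path'] ?? '/';
    if (strpos($path, '/WeGIA/') !== 0 || strpos($path, '/../') !== false || substr($path, -3) === '/..') {
        return $fallback;
    }
    $target = $path;
    if (isset($parts['query']))    { $target .= '?' . $parts['query']; }
    if (isset($parts['fragment'])) { $target .= '#' . $parts['fragment']; }
    return $target;
}

// Hardened usage in a controller: only the validated value reaches the header.
function redirectTo(string $target): void
{
    header('Location: ' . $target, true, 303);
    exit;
}
// e.g. redirectTo(safeNextPage($_GET['nextPage'] ?? null));

// Self-check over constructed inputs (run with: php safe_next_page.php).
if (PHP_SAPI === 'cli') {
    $cases = [
        '/WeGIA/html/socio/listar.php?pagina=2' => '/WeGIA/html/socio/listar.php?pagina=2',
        'http://attacker.example/phishing'      => '/WeGIA/index.php',
        '//attacker.example/phishing'           => '/WeGIA/index.php',
        '/\\attacker.example'                   => '/WeGIA/index.php',
        'javascript:alert(1)'                   => '/WeGIA/index.php',
        '/WeGIA/../etc/passwd'                  => '/WeGIA/index.php',
        "/WeGIA/x.php\r\nSet-Cookie: a=b"       => '/WeGIA/index.php',
    ];
    foreach ($cases as $input => $expected) {
        $got = safeNextPage($input);
        printf("%-45s -> %-40s %s\n", json_encode($input), $got, $got === $expected ? 'OK' : 'FAIL');
    }
}
```

An allowlist of relative in-app paths is stronger than trying to blocklist dangerous prefixes, which is why the helper accepts only a single leading slash under the application prefix and rebuilds the target from parsed components instead of echoing the raw input.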
Exploit Status
EPSS: 0.03% (8th percentile)
The solution to mitigate CVE-2026-35398 is to update WeGIA to version 3.6.9 or later. This version includes the fixes needed to validate and restrict the 'nextPage' parameter, preventing redirection to unauthorized external sites. In addition to the update, we recommend verifying the legitimacy of links before clicking on them and educating users about phishing risks. Monitoring server logs for suspicious redirection patterns can also help detect and respond to attempted attacks. Strict input validation at every entry point of the application is a fundamental practice for preventing similar vulnerabilities in the future.
Update the WeGIA application to version 3.6.9 or later to mitigate the open redirect vulnerability. Ensure that the 'nextPage' parameter is properly validated and restricted so that users cannot be redirected to unauthorized external websites. Implement additional security measures, such as input validation and data sanitization, to protect against future attacks.
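The advice above to monitor server logs for suspicious redirects can be turned into a simple check. The following added PHP script (not part of the advisory or the WeGIA project) parses web-server access-log lines in the common "combined" format, picks out requests to /WeGIA/controle/control.php, and flags any whose decoded 'nextPage' value has a URL scheme or a protocol-relative prefix. The log lines are constructed samples, and the IP addresses and attacker.example hostname are placeholders.

```php
<?php
// Added example (not from the advisory or WeGIA): flag access-log entries
// whose 'nextPage' parameter would redirect off-site.

/** Parse one "combined" format log line; returns null if it does not match. */
function parseCombinedLogLine(string $line): ?array
{
    $re = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "([^"]*)"/';
    if (!preg_match($re, $line, $m)) {
        return null;
    }
    return ['ip' => $m[1], 'time' => $m[2], 'method' => $m[3], 'target' => $m[4],
            'status' => (int) $m[5], 'referer' => $m[6], 'ua' => $m[7]];
}

/**
 * True when the (already URL-decoded) value would leave the site: it carries a
 * scheme, or starts with "//" or "/\", which browsers treat as protocol-relative.
 * A second decode catches double-encoded values.
 */
function isOffSiteTarget(string $value): bool
{
    $decoded = str_replace('\\', '/', ltrim(rawurldecode($value)));
    if (preg_match('#^[a-z][a-z0-9+.-]*:#i', $decoded)) {
        return true;
    }
    return strpos($decoded, '//') === 0;
}

/** Return the suspicious entries found in an array of log lines. */
function findOpenRedirectAttempts(array $lines): array
{
    $hits = [];
    foreach ($lines as $n => $line) {
        $entry = parseCombinedLogLine($line);
        if ($entry === null || stripos($entry['target'], '/WeGIA/controle/control.php') !== 0) {
            continue;
        }
        $query = parse_url($entry['target'], PHP_URL_QUERY);
        if (!is_string($query)) {
            continue;
        }
        parse_str($query, $params); // parse_str URL-decodes the values
        if (!isset($params['nextPage']) || !is_string($params['nextPage'])) {
            continue;
        }
        if (isOffSiteTarget($params['nextPage'])) {
            $hits[] = ['line' => $n + 1, 'ip' => $entry['ip'], 'time' => $entry['time'],
                       'status' => $entry['status'], 'nextPage' => $params['nextPage']];
        }
    }
    return $hits;
}

// Constructed sample log lines: two off-site redirects, one in-app redirect,
// and one unrelated request.
$sampleLog = [
    '203.0.113.7 - - [10/Mar/2026:10:15:01 +0000] "GET /WeGIA/controle/control.php?nextPage=http://attacker.example/phishing&metodo=listarTodos&nomeClasse=OrigemControle HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2026:10:15:02 +0000] "GET /WeGIA/controle/control.php?nextPage=%2F%2Fattacker.example%2Fx&metodo=listarTodos&nomeClasse=OrigemControle HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Mar/2026:10:16:30 +0000] "GET /WeGIA/controle/control.php?nextPage=%2FWeGIA%2Fhtml%2Fhome.php&metodo=listarTodos&nomeClasse=OrigemControle HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Mar/2026:10:16:31 +0000] "GET /WeGIA/html/home.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
];

if (PHP_SAPI === 'cli') {
    // Read a real log from stdin if one is piped in, otherwise use the samples.
    $lines = stream_isatty(STDIN) ? $sampleLog : file('php://stdin', FILE_IGNORE_NEW_LINES);
    foreach (findOpenRedirectAttempts($lines) as $hit) {
        printf("line %d: %s at %s status %d nextPage=%s\n",
               $hit['line'], $hit['ip'], $hit['time'], $hit['status'], $hit['nextPage']);
    }
}
```

A 302/303 status on these entries means the server actually issued the redirect, which distinguishes successful attempts on an unpatched instance from probes against a patched one; either way the source address and referer are worth correlating with login activity that follows.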
An open redirect is a vulnerability that allows an attacker to redirect users to an arbitrary website.
This vulnerability can be used for phishing attacks, where users are tricked into revealing sensitive information.
If you are using a version of WeGIA prior to 3.6.9, you are likely affected.
Change your passwords immediately and notify your security service provider.
If you cannot update immediately, implement additional security measures such as link validation and user education.