CVE-2026-35474 PUBLISHED

WeGIA - Open Redirect - atualizacao redirection - Unvalidated $_GET['redirect']

Assigner: GitHub_M
Reserved: 02.04.2026 Published: 06.04.2026 Updated: 06.04.2026

WeGIA is a web manager for charitable institutions. Prior to 3.6.9, the WeGIA web application contains an open redirect. The redirect parameter is taken directly from $_GET with no URL validation or whitelist check, then used verbatim in a header("Location: ...") call. This vulnerability is fixed in 3.6.9.
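
One way to close the pattern described above, as an added example that is not WeGIA's code or the 3.6.9 patch: accept the redirect value only when it is a same-site path, otherwise fall back to a fixed page. The function name, the fallback path and the sample inputs are assumptions made for illustration; the code needs PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

// Pattern the advisory describes (illustrative, not WeGIA's source):
//   header("Location: " . $_GET['redirect']);

/**
 * Hypothetical helper: return $candidate only if it is a path on this site,
 * otherwise return $fallback.
 */
function local_redirect_target(mixed $candidate, string $fallback = '/'): string
{
    // redirect[]=x arrives as an array; anything but a non-empty string is refused.
    if (!is_string($candidate) || $candidate === '') {
        return $fallback;
    }
    // Refuse control characters (CR/LF included) and backslashes,
    // which browsers may normalise to "/".
    if (preg_match('/[\x00-\x1F\x7F\\\\]/', $candidate)) {
        return $fallback;
    }
    // Must be rooted at "/" and must not be protocol-relative ("//host").
    if ($candidate[0] !== '/' || str_starts_with($candidate, '//')) {
        return $fallback;
    }
    // Defence in depth: the parsed value must carry no scheme or host.
    $parts = parse_url($candidate);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $fallback;
    }
    return $candidate;
}

// Constructed sample inputs (not taken from the advisory).
$samples = [
    '/html/home.php?ok=1',      // local path: kept
    'https://example.test/',    // absolute URL: replaced
    '//example.test/',          // protocol-relative: replaced
    '/\\example.test',          // backslash variant: replaced
    "/a\r\nX-Injected: 1",      // CR/LF: replaced
    ['x'],                      // array parameter: replaced
];
foreach ($samples as $s) {
    printf("%-30s => %s\n", json_encode($s), local_redirect_target($s, '/index.php'));
}

// In a request handler (sketch):
//   header('Location: ' . local_redirect_target($_GET['redirect'] ?? null, '/index.php'));
//   exit;
```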

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
CVSS Score: 5.1

Product Status

Vendor LabRedesCefetRJ
Product WeGIA
Versions
  • Version < 3.6.9 is affected

References

Problem Types

  • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')