Open Redirect in Labredescefetrj Wegia

CVE-2026-35474

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, open redirect has been found in WeGIA webapp. The redirect parameter is taken directly from $_GET with no URL validation or whitelist check, then used verbatim in a header…

Vulnerability class: Open Redirect

EPSS: 0.000 (13.3th percentile) — read the EPSS interpretation.

Affected products

Labredescefetrj Wegia — versions < 3.6.9

Weakness classification (CWE)

CWE-601 — URL Redirection to Untrusted Site (Open Redirect)

References

https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-7935-g3wg-h55w (x_refsource_CONFIRM)