Open Redirect in Labredescefetrj Wegia

CVE-2026-35475

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, the redirect parameter is taken directly from $_GET with no URL validation or whitelist check, then used verbatim in a header("Location: ...") call. This vulnerability is…

Vulnerability class: Open Redirect

EPSS: 0.000 (13.3th percentile) — read the EPSS interpretation.

Affected products

Labredescefetrj Wegia — versions < 3.6.9

Weakness classification (CWE)

CWE-601 — URL Redirection to Untrusted Site (Open Redirect)

References

https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-qfpg-6jh6-jx6p (x_refsource_CONFIRM)