← Back to CVE List

CVE-2025-24020

Published: 2025-01-21T18:15Z
Last Modified: 2025-02-13T19:01Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
WeGIA is a Web manager for charitable institutions. An Open Redirect vulnerability was identified in the `control.php` endpoint of versions up to and including 3.2.10 of the WeGIA application. The vulnerability allows the `nextPage` parameter to be manipulated, redirecting authenticated users to arbitrary external URLs without validation. The issue stems from the lack of validation for the `nextPage` parameter, which accepts external URLs as redirection destinations. This vulnerability can be exploited to perform phishing attacks or redirect users to malicious websites. Version 3.2.11 contains a fix for the issue. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt