Vulnerability

CVE-2025-24020

Reference to the description:

https://nvd.nist.gov/vuln/detail/CVE-2025-24020

Description:
WeGIA is a Web manager for charitable institutions. An Open Redirect vulnerability was identified in the `control.php` endpoint of versions up to and including 3.2.10 of the WeGIA application. The vulnerability allows the `nextPage` parameter to be manipulated, redirecting authenticated users to arbitrary external URLs without validation. The issue stems from the lack of validation for the `nextPage` parameter, which accepts external URLs as redirection destinations. This vulnerability can be exploited to perform phishing attacks or redirect users to malicious websites. Version 3.2.11 contains a fix for the issue.
Last updated date:
02/13/2025
Type:
exploit
Confidence:
HIGH
Date of publishing:
02/13/2025
Reference URL for background:

https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-27g8-5q48-xmw6
