CVE-2026-35474
WeGIA - Open Redirect - atualizacao redirection - Unvalidated $_GET['redirect']
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
12th
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, open redirect has been found in WeGIA webapp. The redirect parameter is taken directly from $_GET with no URL validation or whitelist check, then used verbatim in a header("Location: ...") call. This vulnerability is fixed in 3.6.9.
| CWE | CWE-601 |
| Vendor | labredescefetrj |
| Product | wegia |
| Published | Apr 6, 2026 |
| Last Updated | Apr 7, 2026 |
Stay Ahead of the Next One
Get instant alerts for labredescefetrj wegia
Be the first to know when new unknown vulnerabilities affecting labredescefetrj wegia are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
LabRedesCefetRJ / WeGIA
< 3.6.9