CVE-2025-24020 - WeGIA Open Redirect Vulnerability
CVE ID : CVE-2025-24020 Published : Jan. 21, 2025, 6:15 p.m. | 1 hour, 59 minutes ago Description : WeGIA is a Web manager for charitable institutions. An Open Redirect vulnerability was identified in the `control.php` endpoint of versions up to and including 3.2.10 of the WeGIA application. The vulnerability allows the `nextPage` parameter to be manipulated, redirecting authenticated users to arbitrary external URLs without validation. The issue stems from the lack of validation for the `nextPage` parameter, which accepts external URLs as redirection destinations. This vulnerability can be exploited to perform phishing attacks or redirect users to malicious websites. Version 3.2.11 contains a fix for the issue. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-24020
Published : Jan. 21, 2025, 6:15 p.m. | 1 hour, 59 minutes ago
Description : WeGIA is a Web manager for charitable institutions. An Open Redirect vulnerability was identified in the `control.php` endpoint of versions up to and including 3.2.10 of the WeGIA application. The vulnerability allows the `nextPage` parameter to be manipulated, redirecting authenticated users to arbitrary external URLs without validation. The issue stems from the lack of validation for the `nextPage` parameter, which accepts external URLs as redirection destinations. This vulnerability can be exploited to perform phishing attacks or redirect users to malicious websites. Version 3.2.11 contains a fix for the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Published : Jan. 21, 2025, 6:15 p.m. | 1 hour, 59 minutes ago
Description : WeGIA is a Web manager for charitable institutions. An Open Redirect vulnerability was identified in the `control.php` endpoint of versions up to and including 3.2.10 of the WeGIA application. The vulnerability allows the `nextPage` parameter to be manipulated, redirecting authenticated users to arbitrary external URLs without validation. The issue stems from the lack of validation for the `nextPage` parameter, which accepts external URLs as redirection destinations. This vulnerability can be exploited to perform phishing attacks or redirect users to malicious websites. Version 3.2.11 contains a fix for the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
