Home > Vulnerability Database > CVE-2025-24020

Mend.io Vulnerability Database

CVE-2025-24020

Date: January 21, 2025

WeGIA is a Web manager for charitable institutions. An Open Redirect vulnerability was identified in the "control.php" endpoint of versions up to and including 3.2.10 of the WeGIA application. The vulnerability allows the "nextPage" parameter to be manipulated, redirecting authenticated users to arbitrary external URLs without validation. The issue stems from the lack of validation for the "nextPage" parameter, which accepts external URLs as redirection destinations. This vulnerability can be exploited to perform phishing attacks or redirect users to malicious websites. Version 3.2.11 contains a fix for the issue.

Severity Score

6.1

Related Resources (5)

Url: https://github.com/LabRedesCefetRJ/WeGIA/commit/89d98bf074cebf6c4ed95fca6f64e325c0b1d2f0

Url: https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-27g8-5q48-xmw6

Url: https://github.com/LabRedesCefetRJ/WeGIA/releases/tag/v3.2.11

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-24020

Url: https://www.mend.io/vulnerability-database/CVE-2025-24020

Severity Score

6.1

Weakness Type (CWE)

URL Redirection to Untrusted Site ('Open Redirect')

CWE-601

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-24020

Date: January 21, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?