
We found results for “”
CVE-2025-24020
Date: January 21, 2025
WeGIA is a Web manager for charitable institutions. An Open Redirect vulnerability was identified in the "control.php" endpoint of versions up to and including 3.2.10 of the WeGIA application. The vulnerability allows the "nextPage" parameter to be manipulated, redirecting authenticated users to arbitrary external URLs without validation. The issue stems from the lack of validation for the "nextPage" parameter, which accepts external URLs as redirection destinations. This vulnerability can be exploited to perform phishing attacks or redirect users to malicious websites. Version 3.2.11 contains a fix for the issue.
Severity Score
Related Resources (5)
Severity Score
Weakness Type (CWE)
URL Redirection to Untrusted Site ('Open Redirect')
CWE-601CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | REQUIRED |
Scope (S): | CHANGED |
Confidentiality (C): | LOW |
Integrity (I): | LOW |
Availability (A): | NONE |