CVE-2025-24020

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-24020

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-24020.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-24020

Aliases

GHSA-27g8-5q48-xmw6

Published

2025-01-21T18:15:18Z

Modified

2025-01-22T08:58:57.733731Z

Summary

[none]

Details

WeGIA is a Web manager for charitable institutions. An Open Redirect vulnerability was identified in the control.php endpoint of versions up to and including 3.2.10 of the WeGIA application. The vulnerability allows the nextPage parameter to be manipulated, redirecting authenticated users to arbitrary external URLs without validation. The issue stems from the lack of validation for the nextPage parameter, which accepts external URLs as redirection destinations. This vulnerability can be exploited to perform phishing attacks or redirect users to malicious websites. Version 3.2.11 contains a fix for the issue.

References

Affected packages

Git / github.com/labredescefetrj/wegia

Affected ranges

Type: GIT
Repo: https://github.com/labredescefetrj/wegia
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

89d98bf074cebf6c4ed95fca6f64e325c0b1d2f0

Affected versions

0.*

0.9.4-beta

v1.*

v1.0

v2.*

v2.0

v2.0-beta

v3.*

v3.0

v3.1

v3.2.0

v3.2.10

v3.2.6

v3.2.7

v3.2.8

v3.2.9