CVE-2026-23730 in WeGIA

Summary

by MITRE • 01/16/2026

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=ProdutoControle. The application fails to validate or restrict the nextPage parameter, allowing attackers to redirect users to arbitrary external websites. This can be abused for phishing attacks, credential theft, malware distribution, and social engineering using the trusted WeGIA domain. This vulnerability is fixed in 3.6.2.


Analysis

by VulDB Data Team • 01/31/2026

The vulnerability described in CVE-2026-23730 is a critical open redirect flaw in the WeGIA web management platform for charitable institutions. It exists in the /WeGIA/controle/control.php endpoint and affects versions prior to 3.6.2. The flaw is triggered when the nextPage parameter is manipulated in conjunction with metodo=listarTodos and nomeClasse=ProdutoControle: user input directly determines the redirect target without validation or sanitization. Because the application does not restrict nextPage to legitimate internal application paths, an attacker can supply an arbitrary external URL that the application then redirects the user to.

The application accepts and processes the nextPage parameter without adequate security checks. This weakness is classified as CWE-601 (URL redirection to an untrusted site, i.e. open redirect), in which an application fails to validate redirect targets, and it aligns with ATT&CK technique T1566.001 for phishing via social engineering. The flaw creates a trust exploitation vector: because users are redirected through the legitimate WeGIA domain, the malicious redirect appears trustworthy, which increases the likelihood of successful social engineering. The parameter combination metodo=listarTodos and nomeClasse=ProdutoControle is the specific pathway through which the application's legitimate redirect functionality is turned to malicious purposes.

From an operational standpoint, this vulnerability poses significant risks to both the organization using WeGIA and its end users. Attackers can use it to redirect users to phishing pages that mimic the legitimate WeGIA interface and capture credentials or personal information. It also enables malware distribution, by redirecting users to sites hosting malicious payloads, and supports social engineering campaigns that trade on the trusted domain's reputation. The impact extends beyond immediate credential theft, since the flaw can serve as a foothold for further attacks and weaken the overall security posture of the charitable institution's digital infrastructure. Organizations relying on WeGIA for managing their operations face potential data breaches, regulatory compliance violations, and reputational damage if this vulnerability is exploited.

Remediation requires strict input validation and sanitization for the nextPage parameter in the control.php endpoint: redirect targets should be checked against predefined internal application paths, and any external URL reference rejected. An allowlist of permitted redirect destinations, so that only legitimate internal pages can be specified, is the recommended approach. The fix in version 3.6.2 illustrates the importance of proper input validation and access control in web applications. Logging and monitoring of redirect operations can help detect exploitation attempts. Organizations should also test their web applications for similar flaws and ensure that every user-controllable parameter is validated before the application logic processes it.
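The allowlist approach above, as an added example that is not WeGIA's own code: the function name, the page paths in the allowlist and the default landing page are assumptions for illustration. Anything that parses as an absolute or protocol-relative URL, contains a backslash or control character, or is not an exact allowlisted path falls back to the default page instead of being redirected to.

```php
<?php
// Added example (not WeGIA's own code): allowlist validation for a
// "nextPage" style redirect parameter. Names and paths are assumptions.

function resolve_next_page(?string $nextPage, array $allowed, string $default): string
{
    if ($nextPage === null || $nextPage === '') {
        return $default;
    }

    // Reject anything with a scheme or host ("https://example.org",
    // "//example.org", "javascript:..."): only same-site paths are permitted.
    $parts = parse_url($nextPage);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $default;
    }

    // Browsers treat "/\example.org" like "//example.org"; reject
    // backslashes and control characters outright.
    if (preg_match('/[\\\\\x00-\x1f]/', $nextPage)) {
        return $default;
    }

    // Exact-match allowlist of internal pages. Any query string is
    // discarded so it cannot smuggle in a second target.
    $path = $parts['path'] ?? '';
    if (!in_array($path, $allowed, true)) {
        return $default;
    }

    return $path;
}

// Hypothetical internal pages the application is allowed to redirect to.
$allowedPages = [
    '/WeGIA/html/produto/listar_produtos.php',
    '/WeGIA/html/home.php',
];
$defaultPage = '/WeGIA/html/home.php';

$target = resolve_next_page($_GET['nextPage'] ?? null, $allowedPages, $defaultPage);

// Log rejected values so monitoring can pick up probing of the parameter.
if (isset($_GET['nextPage']) && $target !== $_GET['nextPage']) {
    error_log('nextPage rejected: ' . substr($_GET['nextPage'], 0, 200));
}

header('Location: ' . $target, true, 302);
exit;
```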

Responsible

GitHub M

Reservation

01/15/2026

Disclosure

01/16/2026

Moderation

accepted

CPE

ready

EPSS

0.00017

KEV

no

Activities

very low
