CVE-2025-24020 – WeGIA Open Redirect Vulnerability

January 21, 2025
7:17 pm

CVE ID : CVE-2025-24020

Published : Jan. 21, 2025, 6:15 p.m. | 1 hour, 2 minutes ago

Description : WeGIA is a Web manager for charitable institutions. An Open Redirect vulnerability was identified in the `control.php` endpoint of versions up to and including 3.2.10 of the WeGIA application. The vulnerability allows the `nextPage` parameter to be manipulated, redirecting authenticated users to arbitrary external URLs without validation. The issue stems from the lack of validation for the `nextPage` parameter, which accepts external URLs as redirection destinations. This vulnerability can be exploited to perform phishing attacks or redirect users to malicious websites. Version 3.2.11 contains a fix for the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-24020 – WeGIA Open Redirect Vulnerability

Elvescore.io

Recent Posts

CVE-2022-49043 – Libxml2 XML XInclude Use-After-Free Vulnerability

CVE-2024-10574 – “Quiz Maker Business, Developer, and Agency WordPress Unauthorized Modification and Cross-Site Scripting Vulnerability”

CVE-2024-10628 – Woocommerce Quiz Maker SQL Injection Vulnerability

CVE-2024-10633 – Quiz Maker Business, Developer, and Agency WordPress Plugin Shortcode Injection Vulnerability

CVE-2024-10636 – Quiz Maker Business/Developer/Agency WordPress Reflected Cross-Site Scripting

CVE-2025-24858 – Develocity Gradle Enterprise Password Hash Exposure

CVE-2025-24020 – WeGIA Open Redirect Vulnerability

CVE-2025-24020 – WeGIA Open Redirect Vulnerability