CVE-2026-35396
Open Redirect in WeGIA control.php Enables Phishing Attacks
Publication date: 2026-04-06
Last updated on: 2026-04-09
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wegia | wegia | < 3.6.9 (3.6.9 excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-601 | The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Open Redirect issue found in the WeGIA web application prior to version 3.6.9. It occurs in the /WeGIA/controle/control.php endpoint through the nextPage parameter when used with specific parameters (metodo=listarId and nomeClasse=IsaidaControle). The application does not properly validate or restrict the nextPage parameter, which allows attackers to redirect users to arbitrary external websites.
Because the redirection happens on a trusted domain, attackers can exploit this to conduct phishing attacks, steal credentials, distribute malware, or perform social engineering.
How can this vulnerability impact me?
The vulnerability can impact users and organizations by enabling attackers to redirect users to malicious external sites while appearing to come from the trusted WeGIA domain.
- Phishing attacks that trick users into revealing sensitive information.
- Credential theft by redirecting users to fake login pages.
- Malware distribution through malicious redirects.
- Social engineering attacks leveraging the trusted domain to increase user trust.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is fixed in WeGIA version 3.6.9. Immediate mitigation involves upgrading the WeGIA application to version 3.6.9 or later.
Until the upgrade can be applied, consider restricting or validating the nextPage parameter in the /WeGIA/controle/control.php endpoint to prevent open redirects.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability is an Open Redirect in the WeGIA application that can be exploited for phishing, credential theft, malware distribution, and social engineering by abusing the trusted domain.
Such exploitation can lead to unauthorized disclosure of personal data or compromise of user credentials, which may impact compliance with data protection regulations like GDPR and HIPAA that require safeguarding user data and preventing unauthorized access.
However, the provided information does not explicitly state the direct impact on compliance with these standards.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves an Open Redirect in the /WeGIA/controle/control.php endpoint via the nextPage parameter when combined with metodo=listarId and nomeClasse=IsaidaControle.
To detect this vulnerability on your system or network, you can attempt to access the vulnerable endpoint with a crafted URL whose nextPage parameter points to an external site.
- Use curl or wget to send a request to the endpoint with the parameters, for example:
  `curl -I "http://your-weGIA-domain/WeGIA/controle/control.php?metodo=listarId&nomeClasse=IsaidaControle&nextPage=http://evil.com"`
- Check whether the response redirects to the external URL (http://evil.com); if it does, the vulnerability is present.
- Alternatively, monitor network traffic for unexpected redirects from the /WeGIA/controle/control.php endpoint.
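As an added example (not WeGIA's own code nor the upstream fix), the following Python shows both sides of the advice above: the nextPage check an interim mitigation would apply (relative paths inside the application only), and the same check run over constructed access-log lines to surface requests whose nextPage would leave the site. The log hosts and paths are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (hypothetical hosts and paths, not
# taken from any real WeGIA deployment).
SAMPLE_LOG = """\
10.0.0.5 - - [06/Apr/2026:10:00:01 +0000] "GET /WeGIA/controle/control.php?metodo=listarId&nomeClasse=IsaidaControle&nextPage=../html/saida/listar.php HTTP/1.1" 302 0
10.0.0.9 - - [06/Apr/2026:10:00:02 +0000] "GET /WeGIA/controle/control.php?metodo=listarId&nomeClasse=IsaidaControle&nextPage=http://evil.example/login HTTP/1.1" 302 0
10.0.0.9 - - [06/Apr/2026:10:00:03 +0000] "GET /WeGIA/controle/control.php?metodo=listarId&nomeClasse=IsaidaControle&nextPage=//evil.example/ HTTP/1.1" 302 0
10.0.0.7 - - [06/Apr/2026:10:00:04 +0000] "GET /WeGIA/html/home.php HTTP/1.1" 200 512
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def is_safe_next_page(value: str) -> bool:
    """Accept only a relative path inside the application (an assumed
    policy for a local mitigation; the upstream fix may differ)."""
    value = unquote(value).strip()
    if not value or any(ord(c) < 0x20 for c in value):
        return False  # empty, or control characters that could split headers
    # Browsers treat a backslash after the leading slash like a slash,
    # so "/\evil.example" would navigate to //evil.example.
    parts = urlsplit(value.replace("\\", "/"))
    # Any scheme ("http:", "javascript:") or authority ("//host") leaves the site.
    return not parts.scheme and not parts.netloc


def find_external_redirects(log_text: str) -> list[tuple[str, str]]:
    """Return (client_ip, nextPage) for control.php requests whose nextPage
    fails the check above, i.e. the requests to look for in the access log."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/WeGIA/controle/control.php"):
            continue
        # parse_qs percent-decodes once; is_safe_next_page decodes again,
        # which also catches double-encoded targets.
        for target in parse_qs(url.query).get("nextPage", []):
            if not is_safe_next_page(target):
                hits.append((line.split()[0], target))
    return hits
```

The advisory names the metodo=listarId and nomeClasse=IsaidaControle combination, but any control.php request with an external nextPage is worth flagging, so the scan does not filter on those two parameters.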