cvedb.io
CVE-2025-61606
MEDIUM · CVSS 6.1
EPSS exploitation probability: 0%
Published 2025-10-02T21:16:01.490 · Last modified 2026-06-17T09:50:38.470

Summary

WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain an Open Redirect vulnerability, identified in the control.php endpoint, specifically in the nextPage parameter (metodo=listarUmnomeClasse=FuncionarioControle). This vulnerability allows attackers to redirect users to arbitrary external domains, enabling phishing campaigns, malicious payload distribution, or user credential theft. This issue is fixed in version 3.5.0.

Affected products

wegia — wegia

Does this affect you?

Add your gear to cvedb and we'll alert you only when wegia ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.