CVE-2026-35474

MEDIUM WAF: Medium

CVSS 6.1 Published: 2026-04-06

CWE-601

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, open redirect has been found in WeGIA webapp. The redirect parameter is taken directly from $_GET with no URL validation or whitelist check, then used verbatim in a header("Location: ...") call. This vulnerability is fixed in 3.6.9.

WAF Coverage Analysis

Open Redirect Medium WAF Coverage

OWASP: A01:2021 Broken Access Control

941xxx - XSS / XXE

Affected Software

Vendor	Product	Version
wegia	wegia	up to 3.6.9

References

github.com (Exploit, Vendor Advisory)

Back to CVE Database