CNNVD-202510-1637 Information
CNNVD ID
CNNVD-202510-1637
Related CVE
- CNNVD Published: 2025-10-13
Description (Chinese)
WeGIA是Nilson Lazarin个人开发者的一个福利机构的网络管理器。 WeGIA 3.5.0之前版本存在输入验证错误漏洞,该漏洞源于control.php端点中nextPage参数存在开放重定向,可能导致用户被重定向到恶意域名。
Description (English)
WeGIA is the network manager of a welfare institution of the Nelson Lazarin personal developer. The previous version of WeGIA 3.5.0 had an input validation error loophole, which originated from the open redirection of the nextPage parameter in the control.php endpoint, which could lead to the redirection of the user to a malicious domain name.
Hazard Level
High
Vulnerability Type
输入验证错误
Affected Vendor
个人开发者
Published
2025-10-13
Last Modified
2026-02-24
References
https://github.com/LabRedesCefetRJ/WeGIA/commit/2b53003b5956dbbf0ce554b680245f55ad869821 https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-m99c-77f2-gpjx https://access.redhat.com/security/cve/cve-2025-62361
Patch
https://github.com/LabRedesCefetRJ/WeGIA/releases
Share on: