Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-62361— WeGIA Open Redirect Vulnerability in `control.php` endpoint `nextPage` parameter (metodo=listarTodos nomeClasse=AlmoxarifeControle)

EPSS 0.03% · P10
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-62361

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
WeGIA Open Redirect Vulnerability in `control.php` endpoint `nextPage` parameter (metodo=listarTodos nomeClasse=AlmoxarifeControle)
Source: NVD (National Vulnerability Database)
Vulnerability Description
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.0, an Open Redirect vulnerability was identified in the control.php endpoint of the WeGIA application, specifically in the nextPage parameter (metodo=listarTodos nomeClasse=AlmoxarifeControle). This vulnerability allows attackers to redirect users to arbitrary external domains, enabling phishing campaigns, malicious payload distribution, or user credential theft. This vulnerability is fixed in 3.5.0.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
指向未可信站点的URL重定向(开放重定向)
Source: NVD (National Vulnerability Database)
Vulnerability Title
WeGIA 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
WeGIA是Nilson Lazarin个人开发者的一个福利机构的网络管理器。 WeGIA 3.5.0之前版本存在输入验证错误漏洞,该漏洞源于control.php端点中nextPage参数存在开放重定向,可能导致用户被重定向到恶意域名。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LabRedesCefetRJWeGIA < 3.5.0 -

II. Public POCs for CVE-2025-62361

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2025-62361

登录查看更多情报信息。

Same Patch Batch · LabRedesCefetRJ · 2025-10-13 · 7 CVEs total

CVE-2025-623585.4 MEDIUMWeGIA Reflected XSS to Account TakeOver at /html/configuracao/configuracao_geral.php via l
CVE-2025-621783.5 LOWWeGIA Cross-Site Scripting (XSS) Reflected endpoint '/html/atendido/cadastro_atendido_pare
CVE-2025-62360WeGIA SQL Injection via 'id_dependente' param at endpoint `/html/funcionario/dependente_do
CVE-2025-62359WeGIA Cross-Site Scripting (XSS) Reflected endpoint id_pet
CVE-2025-62179WeGIA SQL Injection via 'cpf' param at endpoint `/html/funcionario/cadastro_funcionario_pe
CVE-2025-62177WeGIA vulnerable to SQL Injection via 'id_funcionario' param at endpoint `/html/funcionari

IV. Related Vulnerabilities

Same product: WeGIA
Same vendor: LabRedesCefetRJ
Same weakness: CWE-601

V. Comments for CVE-2025-62361

No comments yet

Leave a comment