CVE-2026-23730 is an Open Redirect vulnerability classified under CWE-601 found in the WeGIA web management system developed by LabRedesCefetRJ. The vulnerability resides in the /WeGIA/controle/control.php endpoint, specifically in the handling of the nextPage parameter when combined with metodo=listarTodos and nomeClasse=ProdutoControle. The application fails to properly validate or restrict the nextPage parameter, allowing an attacker to craft URLs that redirect users to arbitrary external websites. This lack of validation can be exploited by attackers to conduct phishing attacks by luring users into clicking malicious links that appear to originate from the trusted WeGIA domain. Such redirections can also be used to distribute malware or perform social engineering attacks. The vulnerability does not require authentication but does require user interaction to trigger the redirect. The CVSS 4.8 score reflects a medium severity, considering the ease of exploitation (no authentication, low complexity) but limited impact on confidentiality, integrity, and availability. The vulnerability was publicly disclosed on January 16, 2026, and fixed in WeGIA version 3.6.2. There are no known exploits in the wild at this time.

For European organizations using WeGIA to manage charitable institutions, this vulnerability poses a risk primarily to end users and stakeholders who interact with the platform. Attackers could exploit the open redirect to craft convincing phishing campaigns that leverage the trusted WeGIA domain, increasing the likelihood of credential theft or malware infection. This could lead to unauthorized access to sensitive donor or organizational data, reputational damage, and potential financial loss. While the vulnerability does not directly compromise system integrity or availability, the indirect effects of successful phishing or malware campaigns could be significant. Given that WeGIA is a niche product, the impact is concentrated on organizations that rely on it for web management. The medium severity indicates that while the threat is not critical, it should not be ignored, especially in sectors handling sensitive donor information or financial transactions.

European organizations using WeGIA should immediately upgrade to version 3.6.2 or later, where this vulnerability is patched. Until the upgrade is applied, organizations should implement strict input validation and URL filtering on the nextPage parameter at the web application firewall (WAF) or reverse proxy level to block suspicious redirect attempts. Security teams should educate users about the risks of clicking on unexpected links, even if they appear to come from trusted domains. Monitoring web logs for unusual redirect patterns or spikes in traffic to external URLs can help detect exploitation attempts. Additionally, organizations should consider implementing multi-factor authentication (MFA) to reduce the impact of credential theft resulting from phishing. Regular security assessments and penetration testing focusing on URL redirection and input validation can help identify similar issues proactively.