Impact
An open redirect flaw exists in the WeGIA web manager’s /controle/control.php endpoint, specifically when the nextPage parameter is supplied together with metodo=listarTodos or listarId_Nome and nomeClasse=OrigemControle. The application accepts the nextPage value without validation, so the browser navigates the user to whatever URL the attacker supplied. This vulnerability, classified as CWE‑601, can be exploited for phishing, malware delivery, or social-engineering attacks that borrow the credibility of the trusted WeGIA domain. The malicious traffic reaches only the victim’s browser and may lead to credential compromise or malicious downloads; it does not directly expose internal data or allow code execution on the server.
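As an added illustration (not WeGIA’s own code), the check below shows how a nextPage-style parameter can be restricted to same-origin targets before the redirect is issued. It goes beyond the single case in the advisory by also rejecting protocol-relative, backslash, userinfo-spoofed and header-splitting variants; the host name wegia.example.org and the fallback page are assumed values.

```python
from urllib.parse import urlsplit, urlunsplit

# Hosts the application itself is served from (constructed example value).
ALLOWED_HOSTS = {"wegia.example.org"}
# Assumed fallback page; the advisory does not name one.
DEFAULT_PAGE = "/home.php"


def safe_redirect_target(next_page, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_PAGE):
    """Return next_page only if it stays on this application's origin, else default."""
    if next_page is None:
        return default
    value = next_page.strip()
    # CR/LF or other control characters could split the Location header: reject.
    if not value or any(ord(ch) < 0x20 or ch == "\x7f" for ch in value):
        return default
    # Browsers resolve a backslash like a slash, so normalise before parsing.
    value = value.replace("\\", "/")
    parts = urlsplit(value)

    if not parts.scheme and not parts.netloc:
        # Relative target: accept only a single-slash absolute path.
        # "//host" and "///host" are both resolved by browsers as a new authority.
        if value.startswith("/") and not value.startswith("//"):
            return value
        return default

    # Absolute target: only http(s) to one of our own hosts.
    if parts.scheme.lower() not in ("http", "https"):
        return default
    try:
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return default
    host = (parts.hostname or "").lower()
    if host not in allowed_hosts:
        return default
    # Rebuild without userinfo so "https://ours@evil.example" cannot spoof the host.
    netloc = host if port is None else f"{host}:{port}"
    return urlunsplit((parts.scheme.lower(), netloc, parts.path or "/", parts.query, parts.fragment))
```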
Affected Systems
The vulnerability affects installations of the WeGIA web manager, released by LabRedesCefetRJ, in any version prior to 3.6.9. Users running the software before the 3.6.9 update should be aware that the nextPage parameter is unrestricted and can be manipulated by external parties.
Risk and Exploitability
The CVSS score of 5.1 indicates moderate severity, and the EPSS score of less than 1% implies that exploitation attempts are currently rare. The flaw is not listed in the CISA KEV catalog. Exploitation requires an attacker to entice a user to click a crafted link that points to the vulnerable endpoint with a malicious nextPage value; no interaction beyond that click is needed, so the attack vector is best characterised as a “user‑initiated click” in the web application domain.
OpenCVE Enrichment