WeGIA, a web management platform for charitable institutions, contains an open redirect vulnerability in versions prior to 3.7.3. The flaw exists in the /WeGIA/controle/control.php endpoint, where the nextPage parameter lacks validation when used with metodo=listarTodos and nomeClasse=InternoControle. Attackers can craft URLs that redirect users to arbitrary external domains while appearing to originate f [truncated]
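The defensive fix for this class of bug is to validate `nextPage` as a root-relative path inside the application before redirecting, and to fall back to a fixed landing page otherwise. The check below is an added illustration written in Python, not the project's PHP code and not the patch shipped in 3.7.3; the base URL, the `/WeGIA/` path prefix and the default landing page are assumptions. It rejects absolute URLs, protocol-relative `//host` targets, the backslash variant browsers treat as `//`, scheme-prefixed pseudo-URLs, and dot-segment traversal out of the application prefix.

```python
from urllib.parse import urlsplit, urljoin

# Assumptions for the example: where the application is served and where to send
# users when the supplied target is not acceptable.
APP_BASE = "https://wegia.example.org/WeGIA/"
APP_PREFIX = "/WeGIA/"
DEFAULT_PAGE = "/WeGIA/html/home.php"  # hypothetical default landing page


def is_local_path(target: str) -> bool:
    """Return True only for a root-relative path that stays inside APP_PREFIX."""
    if not target or any(ord(c) < 0x20 or c == "\x7f" for c in target):
        return False  # empty, or contains control characters browsers may strip

    # Browsers treat a backslash in the authority position like a slash, so
    # "/\evil.example" would become "//evil.example"; normalise before parsing.
    candidate = target.replace("\\", "/")

    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        return False  # "https://...", "javascript:...", "//host/..." and friends
    if not candidate.startswith("/") or candidate.startswith("//"):
        return False  # only root-relative paths are accepted

    # Resolve against the application base (this removes "." and ".." segments)
    # and confirm the result still points at the same origin and prefix.
    resolved = urlsplit(urljoin(APP_BASE, candidate))
    base = urlsplit(APP_BASE)
    if (resolved.scheme, resolved.netloc) != (base.scheme, base.netloc):
        return False
    return resolved.path == APP_PREFIX.rstrip("/") or resolved.path.startswith(APP_PREFIX)


def safe_next_page(next_page: str) -> str:
    """Pick the redirect target a handler should actually use."""
    return next_page if is_local_path(next_page) else DEFAULT_PAGE


if __name__ == "__main__":
    # Constructed sample inputs, including a legitimate control.php target.
    for sample in [
        "/WeGIA/controle/control.php?metodo=listarTodos&nomeClasse=InternoControle",
        "https://attacker.example/login",
        "//attacker.example/login",
        "/\\attacker.example/login",
        "/WeGIA/../../elsewhere",
    ]:
        print(f"{sample!r:75} -> {safe_next_page(sample)}")
```

The allow-list approach (only paths under the application's own prefix) is deliberately stricter than a host comparison alone: it also stops a redirect from being bounced through another application on the same host.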
WeGIA versions prior to 3.7.3 use unsalted SHA-256 for password hashing in authentication and password-change flows. SHA-256 is a fast, general-purpose hash unsuitable for password storage; without a salt, identical passwords yield identical digests, enabling efficient rainbow-table attacks against the credential database. The vulnerability is fixed in version 3.7.3.
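The following added example, written in Python rather than the project's PHP and not taken from the 3.7.3 fix, shows why the unsalted scheme is weak and what the replacement looks like: a per-user random salt with a deliberately slow key derivation (PBKDF2-HMAC-SHA256 here), constant-time comparison on verification, and a migration path that recognises a legacy 64-hex digest and re-hashes the password on the user's next successful login. The record format and the iteration count are assumptions for the example.

```python
import base64
import hashlib
import hmac
import os

# Assumption for the example: iteration count for PBKDF2-HMAC-SHA256. Pick it
# against your own hardware budget; it should be expensive, and it is stored
# with the record so it can be raised later without breaking verification.
ITERATIONS = 600_000
ALGO = "pbkdf2_sha256"


def legacy_digest(password: str) -> str:
    """The weak scheme described above: one unsalted SHA-256 over the password.
    Two users with the same password get the same digest."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: bytes = b"") -> str:
    """Salted, iterated hash. Record format (assumed): algo$iterations$salt$dk."""
    salt = salt or os.urandom(16)  # fresh random salt per record
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "$".join([
        ALGO,
        str(ITERATIONS),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(dk).decode("ascii"),
    ])


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != ALGO:
        return False
    _, iterations, salt_b64, dk_b64 = parts
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(dk_b64)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations))
    return hmac.compare_digest(candidate, expected)


def is_legacy(stored: str) -> bool:
    """A bare 64-character hex string is the old unsalted SHA-256 record."""
    return len(stored) == 64 and all(c in "0123456789abcdef" for c in stored)


def verify_and_upgrade(password: str, stored: str):
    """Accept both record formats during migration.

    Returns (ok, replacement): replacement is a new salted record the caller
    should write back when a legacy digest was matched, otherwise None.
    """
    if is_legacy(stored):
        if hmac.compare_digest(legacy_digest(password), stored):
            return True, hash_password(password)
        return False, None
    return verify_password(password, stored), None


if __name__ == "__main__":
    # Constructed sample: two accounts that happen to share a password.
    print("legacy, same digest for both users:",
          legacy_digest("correct horse") == legacy_digest("correct horse"))
    a, b = hash_password("correct horse"), hash_password("correct horse")
    print("salted, different records for both users:", a != b)
    ok, upgraded = verify_and_upgrade("correct horse", legacy_digest("correct horse"))
    print("legacy login accepted and re-hashed:", ok, upgraded is not None)
```

Because the legacy digest cannot be converted to a salted record without the plaintext, migration can only happen at login time; until every account has logged in once, the remaining legacy digests keep the weakness described above, so stale accounts should be forced through a password reset rather than left in the old format.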