CVE-2026-3110
Multiple vulnerabilities on the Educativa Campus
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Insecure Direct Object Reference (IDOR) vulnerability in Campus Educativa specifically at the endpoint '/administracion/admin_usuarios.cgi?filtro_estado=T&wAccion=listado_xlsx&wBuscar=&wFiltrar=&wOrden=alta_usuario&wid_cursoActual=[ID]' where the data of users enrolled in the course is exported. Successful exploitation of this vulnerability could allow an unauthenticated attacker to access user data (e.g., usernames, first and last names, email addresses, and phone numbers) and retrieve the data of all users enrolled in courses by performing a brute-force attack on the course ID via a manipulated URL.
| CWE | CWE-284 |
| Vendor | educativa |
| Product | campus |
| Published | Mar 16, 2026 |
| Last Updated | Mar 16, 2026 |
Stay Ahead of the Next One
Get instant alerts for educativa campus
Be the first to know when new unknown vulnerabilities affecting educativa campus are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
Educativa / Campus
14.05.00-35
References
Credits
Rubén Álvarez Elena