CVE-2026-3111
Multiple vulnerabilities on the Educativa Campus
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Insecure Direct Object Reference (IDOR) vulnerability in Campus Educativa specifically at the endpoint '/archivos/usuarios/[ID]/[username]/thumb_AAxAA.jpg' (translated as 80x90 and 40x45). Successful exploitation of this vulnerability could allow an unauthenticated attacker to access the profile photos of all users via a manipulated URL, enabling them to collect user photos en masse. This could lead to these photos being used maliciously to impersonate identities, perform social engineering, link identities across platforms using facial recognition, or even carry out doxxing.
| CWE | CWE-284 |
| Vendor | educativa |
| Product | campus |
| Published | Mar 16, 2026 |
| Last Updated | Mar 16, 2026 |
Stay Ahead of the Next One
Get instant alerts for educativa campus
Be the first to know when new unknown vulnerabilities affecting educativa campus are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
Educativa / Campus
14.05.00-35
References
Credits
Rubén Álvarez Elena