EUVD-2026-12378
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Lifecycle Timeline
4Description
Insecure Direct Object Reference (IDOR) vulnerability in Campus Educativa specifically at the endpoint '/administracion/admin_usuarios.cgi?filtro_estado=T&wAccion=listado_xlsx&wBuscar=&wFiltrar=&wOrden=alta_usuario&wid_cursoActual=[ID]' where the data of users enrolled in the course is exported. Successful exploitation of this vulnerability could allow an unauthenticated attacker to access user data (e.g., usernames, first and last names, email addresses, and phone numbers) and retrieve the data of all users enrolled in courses by performing a brute-force attack on the course ID via a manipulated URL.
Analysis
An Insecure Direct Object Reference (IDOR) vulnerability in Campus Educativa allows unauthenticated attackers to access sensitive user data including usernames, full names, email addresses, and phone numbers of all enrolled students by manipulating course IDs in the export endpoint. The vulnerability requires no authentication and can be exploited remotely through simple URL manipulation and brute-force attacks on course IDs. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all Campus Educativa instances in your environment and assess current user population exposure. Within 7 days: Apply the available vendor patch to all affected systems and verify patch deployment through security scanning. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today