CVE-2026-3110

Name of the Vulnerable Software and Affected Versions Campus Educativa (affected versions not specified)

Description An Insecure Direct Object Reference (IDOR) vulnerability exists in Campus Educativa at the API endpoint '/administracion/admin usuarios.cgi?filtro estado=T&wAccion=listado xlsx&wBuscar=&wFiltrar=&wOrden=alta usuario&wid cursoActual=[ID]'. This allows an unauthenticated attacker to access user data, including usernames, first and last names, email addresses, and phone numbers. Exploitation involves performing a brute-force attack on the course ID (wid cursoActual) via a manipulated URL to retrieve data of all users enrolled in courses.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.