CVE-2026-3111 is an Insecure Direct Object Reference (IDOR) vulnerability in Campus Educativa. The vulnerability exists at the endpoint '/archivos/usuarios/[ID]/[username]/thumb_AAxAA.jpg'. An unauthenticated attacker can exploit this vulnerability by manipulating the URL to access profile photos of all users, potentially leading to malicious use such as impersonation, social engineering, or doxxing.
An Insecure Direct Object Reference (IDOR) vulnerability in Campus Educativa allows unauthenticated attackers to export user enrollment data via a manipulated URL parameter. The vulnerable endpoint accepts a course ID parameter (`wid_cursoActual`) without proper authorization checks, enabling brute-force enumeration of course IDs to harvest usernames, names, email addresses, and phone numbers of all enrol [truncated]