HIGH
Educativa
CVE published 2026-03-16
CVE-2026-3110
An Insecure Direct Object Reference (IDOR) vulnerability in Campus Educativa allows unauthenticated attackers to export user enrollment data via a manipulated URL parameter. The vulnerable endpoint accepts a course ID parameter (`wid_cursoActual`) without proper authorization checks, enabling brute-force enumeration of course IDs to harvest usernames, names, email addresses, and phone numbers of all enrol [truncated]