PatchSiren

Educativa CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Educativa CVE published 2026-03-16

CVE-2026-3111

CVE-2026-3111 is an Insecure Direct Object Reference (IDOR) vulnerability in Campus Educativa. The vulnerability exists at the endpoint '/archivos/usuarios/[ID]/[username]/thumb_AAxAA.jpg'. An unauthenticated attacker can exploit this vulnerability by manipulating the URL to access profile photos of all users, potentially leading to malicious use such as impersonation, social engineering, or doxxing.

HIGH Educativa CVE published 2026-03-16

CVE-2026-3110

An Insecure Direct Object Reference (IDOR) vulnerability in Campus Educativa allows unauthenticated attackers to export user enrollment data via a manipulated URL parameter. The vulnerable endpoint accepts a course ID parameter (`wid_cursoActual`) without proper authorization checks, enabling brute-force enumeration of course IDs to harvest usernames, names, email addresses, and phone numbers of all enrol [truncated]