Lack of authorisation in Deporsite by T-INNOVA. This vulnerability allows an unauthenticated attacker to obtain information from other users via GET ‘/ajax/TInnova_v2/Integrantes_Recurso_v2_1/llamadaAjax/buscarPersona’ using the ‘dni’ parameter.
History

Tue, 02 Sep 2025 08:30:00 +0000

Type Values Removed Values Added
Description Lack of authorisation in Deporsite by T-INNOVA. This vulnerability allows an unauthenticated attacker to obtain information from other users via GET ‘/ajax/TInnova_v2/Integrantes_Recurso_v2_1/llamadaAjax/buscarPersona’ using the ‘dni’ parameter.
Title Multiple vulnerabilities in Deporsite by T-INNOVA
Weaknesses CWE-863
References
Metrics cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: INCIBE

Published:

Updated: 2025-09-02T08:15:01.028Z

Reserved: 2025-04-16T09:09:26.929Z

Link: CVE-2025-41030

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2025-09-02T09:15:33.170

Modified: 2025-09-02T09:15:33.170

Link: CVE-2025-41030

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.