Description
Insecure Direct Object Reference (IDOR) vulnerability in Campus Educativa, specifically at the endpoint '/archivos/usuarios/[ID]/[username]/thumb_AAxAA.jpg', where AAxAA is one of the thumbnail sizes (80x90 or 40x45). Successful exploitation could allow an unauthenticated attacker to access the profile photos of all users via a manipulated URL and collect them en masse. The harvested photos could then be used to impersonate identities, perform social engineering, link identities across platforms using facial recognition, or carry out doxxing.
Published: 2026-03-16
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized access to user photos leading to potential impersonation and social engineering
Action: Immediate patch
AI Analysis

Impact

An insecure direct object reference in the Educativa Campus application lets an attacker craft URLs of the form '/archivos/usuarios/[ID]/[username]/thumb_AAxAA.jpg' and retrieve the profile picture of any user without authenticating. Once collected, these photos can be used to impersonate identities, support social engineering, link accounts across platforms via facial recognition, or carry out doxxing. The root cause is the absence of an object-level access check on the file endpoint: the server resolves the file from the identifiers in the URL and never verifies that the requester is allowed to see it. This is classified as CWE-284 (Improper Access Control).

Affected Systems

The affected product is Educativa Campus version 14.05.00-35. The vendor has released a fix in version 14.05.00-159 and later releases. No other versions or products are listed as vulnerable.

Risk and Exploitability

The CVSS 4.0 base score of 6.9 (Medium) comes from the vector AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N: the endpoint is reachable over the network, the attack has low complexity, requires no privileges and no user interaction, and has a low confidentiality impact with no integrity or availability impact. The EPSS score of less than 1% indicates a low predicted likelihood of exploitation in the wild, and the CVE is not in the CISA KEV catalog. The SSVC assessment records the attack as automatable: the path carries a numeric user ID, so harvesting amounts to walking the ID (and username) segments of the URL in a script. A successful attacker gains read access to every user's profile photo, which is a privacy compromise in itself and the starting point for the impersonation and social-engineering scenarios described above.

Generated by OpenCVE AI on March 22, 2026 at 14:48 UTC.
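The defect described above, as an added illustration that is not Campus Educativa code (the product's stack is not given on this page): a thumbnail handler that resolves the file purely from the URL, next to a hardened handler that requires a session and then performs an object-level authorization check before returning anything. The in-memory user table, the `Request` class, the `may_view` policy hook and the attacker's ID/username guess list are assumptions made for the example; only the path pattern comes from the advisory.

```python
"""Vulnerable vs hardened thumbnail endpoint (illustration, not vendor code)."""
import re
from dataclasses import dataclass
from typing import Optional

# Hypothetical user store: id -> (username, {size: jpeg bytes}); constructed sample data.
USERS = {
    101: ("alice", {"80x90": b"\xff\xd8alice-80x90", "40x45": b"\xff\xd8alice-40x45"}),
    102: ("bob",   {"80x90": b"\xff\xd8bob-80x90",   "40x45": b"\xff\xd8bob-40x45"}),
}

# Path shape from the advisory. The strict character classes also rule out '../' segments.
THUMB_RE = re.compile(r"^/archivos/usuarios/(\d+)/([A-Za-z0-9._-]+)/thumb_(\d+x\d+)\.jpg$")


@dataclass
class Request:
    path: str
    session_user_id: Optional[int] = None   # None = no authenticated session


def _resolve(path):
    """Map a matching path to (owner_id, jpeg bytes); None if nothing matches."""
    m = THUMB_RE.match(path)
    if not m:
        return None
    uid, username, size = int(m.group(1)), m.group(2), m.group(3)
    user = USERS.get(uid)
    if not user or user[0] != username or size not in user[1]:
        return None
    return uid, user[1][size]


def vulnerable_handler(req):
    """IDOR: whatever the URL names is served, to anyone."""
    found = _resolve(req.path)
    return (404, None) if found is None else (200, found[1])


def hardened_handler(req, may_view=lambda viewer, owner: viewer == owner):
    """Authenticate first, then check that this viewer may see this owner's object.

    may_view is the policy hook (default: owner only); a real deployment would
    substitute its own rule, e.g. same course or a staff role.
    """
    if req.session_user_id is None:
        return 401, None
    found = _resolve(req.path)
    if found is None:
        return 404, None
    owner_id, data = found
    if not may_view(req.session_user_id, owner_id):
        return 404, None        # deny; 404 instead of 403 avoids confirming the ID exists
    return 200, data


# Attacker's guess list (constructed); in practice IDs are enumerated and usernames
# come from anywhere the application or other sources leak them.
GUESSES = [(101, "alice"), (102, "bob"), (103, "carol")]


def harvest(handler, guesses=GUESSES, sizes=("80x90", "40x45")):
    """Unauthenticated mass collection: keep every image the handler gives back."""
    got = {}
    for uid, username in guesses:
        for size in sizes:
            path = f"/archivos/usuarios/{uid}/{username}/thumb_{size}.jpg"
            status, body = handler(Request(path))
            if status == 200:
                got[(uid, size)] = body
    return got


if __name__ == "__main__":
    print("vulnerable:", sorted(harvest(vulnerable_handler)))   # every known user, both sizes
    print("hardened:  ", sorted(harvest(hardened_handler)))     # nothing
```

The point of the hardened version is the order of checks: session, then object resolution, then a policy decision tied to the specific object. Putting authentication in front of the endpoint alone stops this advisory's unauthenticated case but would still let any logged-in user walk other users' IDs; the `may_view` check is what closes the IDOR.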

Remediation

Vendor Solution

The vulnerabilities have been fixed by the Educativa team in version 14.05.00-159 and later.


OpenCVE Recommended Actions

  • Upgrade Educativa Campus to version 14.05.00-159 or later, which contains the vendor-provided fix.
  • If an upgrade cannot be performed immediately, restrict access to the '/archivos/usuarios/' path at the web server or reverse proxy so that only authenticated sessions reach it, and have the application check that the requesting user is allowed to view the requested user's image. Requiring a session on its own only removes the unauthenticated case; the object-level check is what removes the IDOR.
  • After applying the patch or restriction, verify with a request that carries no session cookie that the thumbnail URL returns 401/403 or a redirect to the login page rather than a JPEG, and monitor access logs for a single client requesting many distinct [ID] values under '/archivos/usuarios/' within a short period.

Generated by OpenCVE AI on March 22, 2026 at 14:48 UTC.
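The verification and monitoring steps from the recommended actions, as an added example (not OpenCVE's or Educativa's code): `classify_probe` interprets the response to an unauthenticated request to a thumbnail URL (sending it with curl or urllib is left to the reader), and `find_enumeration` scans access-log lines for one client walking many distinct user IDs under '/archivos/usuarios/' inside a sliding time window. The hostname, IDs, usernames, log format (combined/common log format with a leading client IP) and the sample log lines are all constructed for this example.

```python
"""Post-fix checks for the thumbnail IDOR (added example, not vendor code)."""
import re
from collections import defaultdict
from datetime import datetime


def thumb_url(base, user_id, username, size="80x90"):
    """Build the advisory's URL shape; base and identifiers are placeholders."""
    return f"{base}/archivos/usuarios/{user_id}/{username}/thumb_{size}.jpg"


def classify_probe(status, content_type):
    """Interpret the response to an UNAUTHENTICATED request.

    200 with an image body means the endpoint is still exposed; 401/403 means
    the server now demands a session; a 3xx should be inspected (a redirect to
    the login page is fine, a redirect to the image itself is not).
    """
    if status == 200 and content_type.lower().startswith("image/"):
        return "EXPOSED"
    if status in (401, 403):
        return "PROTECTED"
    if 300 <= status < 400:
        return "REDIRECT"
    if status == 404:
        return "NOT_FOUND"
    return "UNEXPECTED"


# Assumed log shape: '<ip> - - [dd/Mon/yyyy:HH:MM:SS +zzzz] "GET <path> HTTP/x.y" <status> <bytes>'
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?:GET|HEAD) '
    r'/archivos/usuarios/(?P<uid>\d+)/[^/ ]+/thumb_\d+x\d+\.jpg\S* HTTP/[\d.]+" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def find_enumeration(lines, min_distinct_ids=10, window_seconds=60):
    """Return {ip: peak count of distinct user IDs} for clients over the threshold.

    Every thumbnail request counts regardless of status, so after the patch a
    scripted walk still shows up, as a burst of 401/404 instead of 200.
    """
    events = defaultdict(list)              # ip -> [(timestamp, uid)]
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            events[m["ip"]].append((datetime.strptime(m["ts"], TS_FMT), m["uid"]))

    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # slide the window start forward until it spans at most window_seconds
            while (evs[end][0] - evs[start][0]).total_seconds() > window_seconds:
                start += 1
            distinct = {uid for _, uid in evs[start:end + 1]}
            if len(distinct) >= min_distinct_ids:
                flagged[ip] = max(flagged.get(ip, 0), len(distinct))
    return flagged


# Constructed sample: one client walks 25 IDs in 25 seconds, another fetches one thumbnail.
SAMPLE_LOG = [
    f'203.0.113.7 - - [16/Mar/2026:19:00:{i:02d} +0000] '
    f'"GET /archivos/usuarios/{1000 + i}/user{1000 + i}/thumb_80x90.jpg HTTP/1.1" 200 4123'
    for i in range(25)
] + [
    '198.51.100.5 - - [16/Mar/2026:19:05:00 +0000] "GET /archivos/usuarios/1007/user1007/thumb_40x45.jpg HTTP/1.1" 200 1207',
    '198.51.100.5 - - [16/Mar/2026:19:05:02 +0000] "GET /inicio HTTP/1.1" 200 9001',
]


if __name__ == "__main__":
    print(thumb_url("https://campus.example", 101, "alice"))
    print(classify_probe(200, "image/jpeg"), classify_probe(401, "text/html"))
    print(find_enumeration(SAMPLE_LOG))
```

Tune `min_distinct_ids` and `window_seconds` to the site's normal traffic: a course roster page legitimately loads many thumbnails for one user, but from one browser those requests arrive in a single burst with a session cookie and a referer, which is the context to check before treating a flagged IP as hostile.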


Advisories

No advisories yet.

History

Mon, 16 Mar 2026 19:15:00 +0000

Type | Values Removed | Values Added
Metrics | - | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 16 Mar 2026 10:15:00 +0000

Type | Values Removed | Values Added
Description | - | Insecure Direct Object Reference (IDOR) vulnerability in Campus Educativa specifically at the endpoint '/archivos/usuarios/[ID]/[username]/thumb_AAxAA.jpg' (translated as 80x90 and 40x45). Successful exploitation of this vulnerability could allow an unauthenticated attacker to access the profile photos of all users via a manipulated URL, enabling them to collect user photos en masse. This could lead to these photos being used maliciously to impersonate identities, perform social engineering, link identities across platforms using facial recognition, or even carry out doxxing.
Title | - | Multiple vulnerabilities on the Educativa Campus
First Time appeared | - | Educativa; Educativa campus
Weaknesses | - | CWE-284
CPEs | - | cpe:2.3:a:educativa:campus:14.05.00-35:*:*:*:*:*:*:*
Vendors & Products | - | Educativa; Educativa campus
References | - | -
Metrics | - | cvssV4_0 {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: INCIBE

Published:

Updated: 2026-03-16T18:57:16.114Z

Reserved: 2026-02-24T10:54:35.705Z

Link: CVE-2026-3111

Vulnrichment

Updated: 2026-03-16T18:57:10.875Z

NVD

Status : Awaiting Analysis

Published: 2026-03-16T14:19:47.090

Modified: 2026-03-16T14:53:07.390

Link: CVE-2026-3111

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-30T07:02:54Z

Weaknesses