CVE-2026-3111

Insecure Direct Object Reference IDOR vulnerability in Campus Educativa specifically at the endpoint '/archivos/usuarios/ID/username/thumbAAxAA.jpg' translated as 80x90 and 40x45. Successful exploitation of this vulnerability could allow an unauthenticated attacker to access the profile photos of...

CVE-2026-3110

CVE-2026-3110 describes an insecure direct object reference (IDOR) in Campus Educativa. An unauthenticated attacker can access user data by exploiting the endpoint /administracion/admin_usuarios.cgi?filtro_estado=T&wAccion=listado_xlsx&wBuscar=&wFiltrar=&wOrden=alta_usuario&wid_cursoActual=[ID], ...

educativa Campus Educativa 访问控制错误漏洞

Educativa Campus Educativa is an educational management platform owned by the Spanish company Educativa. Educativa Campus Educativa has a security vulnerability related to access control. This vulnerability stems from insecure direct object references in the...

CVE-2025-13221 Intelbras UnniTI usuarios.xml credentials storage

A weakness has been identified in Intelbras UnniTI 24.07.11. The affected element is an unknown function of the file /xml/sistema/usuarios.xml. Executing manipulation of the argument Usuario/Senha can lead to unprotected storage of credentials. The attack can be executed remotely. The exploit has...

CVE-2025-60314

Configuroweb Sistema Web de Inventario 1.0 is vulnerable to a Stored Cross-Site Scripting XSS due to the lack of input sanitization on the product name parameter Nombre:Producto allowing an authenticated attacker to inject malicious payloads and execute arbitrary JavaScript...

Malicious Package

Overview gestion-usuarios is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in gestion-usuarios (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1fe0dc407db39c0fef791ed6f17adc1803bdbbe0c7c9881c50921632d16ccf09 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-47926 Malicious code in gestion-usuarios (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1fe0dc407db39c0fef791ed6f17adc1803bdbbe0c7c9881c50921632d16ccf09 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2025-10074

A vulnerability was identified in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /usuarios/tipos/. The manipulation of the argument Tipos de Usuário/Descrição leads to cross site scripting. The attack can be initiated remotely. The exploit is publicly...

PT-2025-36421

Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions prior to 2.11 Description: A cross site scripting issue exists in Portabilis i-Educar up to version 2.10. The issue is related to the manipulation of the Tipos de Usuário/Descrição argument within an unknown...

i-Educar 代码注入漏洞

i-Educar is a free educational software open source by Portábilis. A code injection vulnerability exists in i-Educar 2.10 and earlier versions, which stems from improper handling of parameters in the /usuarios/tipos file and could lead to cross-site scripting attacks...

CVE-2025-8538

A vulnerability has been found in Portabilis i-Educar 2.10 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /usuarios/tipos/novo. The manipulation of the argument name/description leads to cross site scripting. The attack can be launched...

Portábilis i-Educar 安全漏洞

Portábilis i-Educar is an application from Portábilis. It can easily help you with basic and technical education. A security vulnerability exists in Portábilis i-Educar version 2.10, which stems from improper handling of the parameter name/description in the file /usuarios/tipos/novo, which could...

Innovación y Cualificación 安全漏洞

Innovación y Cualificación is an e-learning solution from Innovación y Cualificación. Innovación y Cualificación has a security vulnerability that stems from improper access control and could lead to an attacker gaining access to sensitive information of other users...

usuarios-cad.es Improper Access Control vulnerability OBB-3826170

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

usuarios-cad.com Improper Access Control vulnerability OBB-3814308

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2018-19829

Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/listausuarios, resulting in the ability to delete an arbitrary user when the ID number is known...

CVE-2018-19829

Integria IMS 5.0.83 is affected by a Cross-Site Request Forgery in the endpoint godmode/usuarios/lista_usuarios, enabling deletion of an arbitrary user when the user ID is known. PoCs/Exploits describe GET/POST-based deletion. A patched version, 5.0.84, is indicated in connected references; updat...

PHPfileNavigator 2.3.3 XSS / CSRF Vulnerabilities

PHPfileNavigator version 2.3.3 suffers from persistent and reflective cross site scripting and cross site request forgery vulnerabilities. + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPFILENAVIGATOR0812c.txt Vendo...

Script (articulos.php) SQL Injection Vulnerability

Exploit for php platform in category web applications ================================================== Script articulos.php SQL Injection Vulnerability ================================================== Date: 20-6-2010 Author: CaSpErHaK Tested on: linux // =============================founded B...