CVE-2026-3111
IDOR Vulnerability in Campus Educativa Allows Unauthorized Photo Access
Publication date: 2026-03-16
Last updated on: 2026-03-16
Assigner: Spanish National Cybersecurity Institute, S.A. (INCIBE)
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2026-3111 is an Insecure Direct Object Reference (IDOR) vulnerability found in Campus Educativa, an e-learning software for companies.'}, {'type': 'paragraph', 'content': "The vulnerability specifically affects the endpoint '/archivos/usuarios/[ID]/[username]/thumb_AAxAA.jpg', which serves user profile photos in sizes 80x90 and 40x45 pixels."}, {'type': 'paragraph', 'content': 'An unauthenticated attacker can exploit this vulnerability by manipulating the URL to access profile photos of all users without authorization.'}, {'type': 'paragraph', 'content': 'This unauthorized access allows mass collection of user photos, which can be misused for identity impersonation, social engineering attacks, linking identities across platforms using facial recognition, or doxxing.'}] [1]
How can this vulnerability impact me? :
The vulnerability allows an attacker to access and collect profile photos of all users without authentication.
- Identity impersonation using stolen photos.
- Social engineering attacks leveraging user images.
- Linking user identities across different platforms through facial recognition.
- Doxxing or exposing personal information by distributing collected photos.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': "This vulnerability can be detected by attempting to access the endpoint '/archivos/usuarios/[ID]/[username]/thumb_AAxAA.jpg' with manipulated user IDs and usernames in the URL to see if unauthorized profile photos are accessible."}, {'type': 'paragraph', 'content': 'A simple method to test this is to use command-line tools like curl or wget to request profile photo URLs with different user IDs and usernames and check if the server returns images without authentication.'}, {'type': 'list_item', 'content': 'curl -I https://[target-domain]/archivos/usuarios/1/username/thumb_AAxAA.jpg'}, {'type': 'list_item', 'content': 'curl -I https://[target-domain]/archivos/usuarios/2/otheruser/thumb_AAxAA.jpg'}, {'type': 'paragraph', 'content': 'If these requests return HTTP 200 responses with image content without requiring authentication, it indicates the presence of the vulnerability.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'The immediate step to mitigate this vulnerability is to upgrade Campus Educativa to version 14.05.00-159 or later, where the issue has been fixed.'}, {'type': 'paragraph', 'content': "Additionally, restrict access to the '/archivos/usuarios/' endpoint by implementing proper access controls to ensure that only authorized users can access profile photos."}, {'type': 'paragraph', 'content': 'Monitor access logs for unusual or unauthorized requests to user photo URLs and consider temporarily disabling public access to these resources until the patch is applied.'}] [1]