Description
Authorization bypass vulnerability in UPV PEIX, affecting the component "pdf_curri_new.php". Through a POST request, an authenticated user could change the ID parameter to retrieve all the stored information of other registered users.
References (1)
Core 1
Core References
Third Party Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/authorization-bypass-upv-peix
Scores
CVSS v3
5.3
EPSS
0.0004
EPSS Percentile
11.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-639
Status
published
Products (1)
upv/peix
Published
Oct 03, 2023
Tracked Since
Feb 18, 2026