Primary

Context

Deporsite by T-INNOVA Lack of Authorization Vulnerability Allowing Information Disclosure

Vulnerability

A lack of authorization vulnerability has been identified in Deporsite by T-INNOVA, affecting versions prior to DSuite 2025 v02.14.1115. This vulnerability allows an unauthenticated attacker to access information from other users by sending a GET request to '/ajax/TInnova_v2/Integrantes_Recurso_v2_1/llamadaAjax/buscarPersona' with the 'dni' parameter.

Impact

Exploitation of this vulnerability could lead to unauthorized information disclosure, allowing attackers to access personal data of other users.

Remediation

Users can upgrade to Deporsite version DSuite 2025 v02.14.1115 to address this vulnerability.

Added: Sep 2, 2025, 9:20 AM

Updated: Sep 2, 2025, 4:13 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.4

remediation

7.7

relevance

0.4

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.4

remediation

7.7

relevance

0.4

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Deporsite by T-INNOVA Lack of Authorization Vulnerability Allowing Information Disclosure

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating