CVE-2025-2202 MEDIUM

CVE-2025-2202: Broken access control vulnerability in the Innovación y Cualificación local administration plugin ajax.php

Vendor Innovación Y Cualificación
Product ajax.php plugin
Weakness CWE-863 · Incorrect authorization
Published March 17, 2025
Last update March 17, 2025

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Broken access control vulnerability in the Innovación y Cualificación local administration plugin ajax.php. This vulnerability allows an attacker to obtain sensitive information about other users such as id, name, login and email.

Key dates

02Disclosure timeline

March 17, 2025 CVE published
March 17, 2025 Record updated