VYPR
Vendor

T-INNOVA

Products
1
CVEs
5
Across products
5
Status
Private

Products

1

Recent CVEs

5
  • CVE-2025-3575HigApr 15, 2025
    risk 0.57cvss epss 0.00

    Insecure Direct Object Reference vulnerability in Deporsite from T-INNOVA allows an attacker to retrieve sensitive information from others users via "idUsuario" parameter in "/helper/Familia/establecerUsuarioSeleccion" endpoint.

  • CVE-2025-3574HigApr 15, 2025
    risk 0.57cvss epss 0.00

    Insecure Direct Object Reference vulnerability in Deporsite from T-INNOVA allows an attacker to retrieve sensitive information from others users via "idUsuario" parameter in "/helper/Familia/obtenerFamiliaUsuario" endpoint.

  • CVE-2025-41031MedSep 2, 2025
    risk 0.45cvss epss 0.00

    Lack of authorisation in Deporsite by T-INNOVA. This vulnerability allows an unauthenticated attacker to change other users' profile pictures via a POST request using the parameters ‘IdPersona’ and “Foto” in ‘/ajax/TInnova_c/FotoUsuario/llamadaAjax/uploadImage’.

  • CVE-2025-41030MedSep 2, 2025
    risk 0.45cvss epss 0.00

    Lack of authorisation in Deporsite by T-INNOVA. This vulnerability allows an unauthenticated attacker to obtain information from other users via GET ‘/ajax/TInnova_v2/Integrantes_Recurso_v2_1/llamadaAjax/buscarPersona’ using the ‘dni’ parameter.

  • CVE-2025-41069MedNov 13, 2025
    risk 0.34cvss epss 0.00

    Insecure Direct Object Reference (IDOR) vulnerability in DeporSite of T-INNOVA. This vulnerability allows an attacker to access or modify unauthorized resources by manipulating requests using the 'idUsuario' parameter in ‘/ajax/TInnova_v2/Formulario_Consentimiento/llamadaAjax/o…