Home

Description

Quipux 4.0.1 through e1774ac allows enumeration of usernames, and accessing the Ecuadorean identification number for all registered users via the Administracion/usuarios/cambiar_password_olvido_validar.php txt_login parameter.

PUBLISHED Reserved 2025-08-12 | Published 2025-11-05 | Updated 2025-11-06 | Assigner mitre

References

minka.gob.ec/quipux-comunitario/quipux-comunitario

seguridaddigital.ec/research/20251101/report-20251101.en.pdf

cve.org (CVE-2025-55342)

nvd.nist.gov (CVE-2025-55342)

Download JSON