Authorization bypass vulnerability in UPV PEIX, affecting the component "pdf_curri_new.php". Through a POST request, an authenticated user could change the ID parameter to retrieve all the stored information of other registered users.
https://www.incibe.es/en/incibe-cert/notices/aviso/authorization-bypass-upv-peix