9 matches found
CVE-2025-61148
An Insecure Direct Object Reference IDOR vulnerability in the EduplusCampus 3.0.1 Student Payment API allows authenticated users to access other students personal and financial records by modifying the 'recno' parameter in the /student/get-receipt endpoint...
CVE-2025-61148
An Insecure Direct Object Reference IDOR vulnerability in the EduplusCampus 3.0.1 Student Payment API allows authenticated users to access other students personal and financial records by modifying the 'recno' parameter in the /student/get-receipt endpoint...
CVE-2025-61148
CVE-2025-61148 describes an Insecure Direct Object Reference (IDOR) in EduplusCampus 3.0.1, specifically the Student Payment API. An authenticated user can access other students’ personal and financial records by altering the rec_no parameter in the /student/get-receipt endpoint. The issue is roo...
PT-2025-49097
Name of the Vulnerable Software and Affected Versions EduplusCampus version 3.0.1 Description An Insecure Direct Object Reference IDOR exists in the Student Payment API. Authenticated users can access other students’ personal and financial records by manipulating the rec no parameter within the...
CVE-2025-61148
An Insecure Direct Object Reference IDOR vulnerability in the EduplusCampus 3.0.1 Student Payment API allows authenticated users to access other students personal and financial records by modifying the 'recno' parameter in the /student/get-receipt endpoint...
EduplusCampus 安全漏洞
EduplusCampus is a school management system from EduplusCampus India. A security vulnerability exists in EduplusCampus version 3.0.1, which stems from the presence of an insecure direct object reference in the Student Payment API that could lead to unauthorized access to personal and financial...
CVE-2025-61148
An Insecure Direct Object Reference IDOR vulnerability in the EduplusCampus 3.0.1 Student Payment API allows authenticated users to access other students personal and financial records by modifying the 'recno' parameter in the /student/get-receipt endpoint...
EUVD-2025-201212
An Insecure Direct Object Reference IDOR vulnerability in the EduplusCampus 3.0.1 Student Payment API allows authenticated users to access other students personal and financial records by modifying the 'recno' parameter in the /student/get-receipt endpoint...
📄 EduplusCampus 3.0.1 Insecure Direct Object Reference
A critical insecure direct object reference vulnerability was identified in the EduplusCampus student portal version 3.0.1. This vulnerability allows an authenticated user to access the sensitive personal and financial records of other students by modifying the recno parameter in the API request...