Description
An Insecure Direct Object Reference (IDOR) vulnerability in the EduplusCampus 3.0.1 Student Payment API allows authenticated users to access other students' personal and financial records by modifying the 'rec_no' parameter in the /student/get-receipt endpoint.
References
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
- Product
Vulnerable configurations
Configuration 1
cpe:2.3:a:edupluscampus:edupluscampus:3.0.1:*:*:*:*:*:*:*
EPSS
Percentile: 10%
0.00034
Low
6.5 Medium
CVSS3
Weaknesses
CWE-639
Related vulnerabilities
CVSS3: 6.5
github
2 months ago
An Insecure Direct Object Reference (IDOR) vulnerability in the EduplusCampus 3.0.1 Student Payment API allows authenticated users to access other students' personal and financial records by modifying the 'rec_no' parameter in the /student/get-receipt endpoint.