216.73.216.75

CVE-2025-61148

· Published 04/12/2025 16:16 · Modified 16/12/2025 17:51

Labels: CVE-2025-61148 2025-12-04CVE-2025-61148CWE-639[email protected]

Essential information

Published
04/12/2025 16:16
Modified
16/12/2025 17:51
Author
Creator
CVSS
6.5 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS metrics

Description

An Insecure Direct Object Reference (IDOR) vulnerability in the EduplusCampus 3.0.1 Student Payment API allows authenticated users to access other students personal and financial records by modifying the 'rec_no' parameter in the /student/get-receipt endpoint.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
edupluscampus / edupluscampus cpe:2.3:a:edupluscampus:edupluscampus:3.0.1:*:*:*:*:*:*:*

References