Security Advisory

CVE-2025-61148

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-04 00:00:00
Last updated 2025-12-08 15:28:30
Assigner mitre
State PUBLISHED

Description

An Insecure Direct Object Reference (IDOR) vulnerability in the EduplusCampus 3.0.1 Student Payment API allows authenticated users to access other students personal and financial records by modifying the rec_no parameter in the /student/get-receipt endpoint.