CNNVD-202512-504 Information

CNNVD ID

CNNVD-202512-504

Related CVE

CVE-2025-61148

• CNNVD Published: 2025-12-04

Description (Chinese)

EduplusCampus是印度EduplusCampus公司的一个学校管理系统。 EduplusCampus 3.0.1版本存在安全漏洞，该漏洞源于Student Payment API存在不安全的直接对象引用，可能导致未授权访问个人和财务记录。

Description (English)

Duplus Campus is a school management system of the Indian company Eduplus Campus. There is a security loophole in Atlas Campus version 3.01, which stems from the presence of unsafe direct-object references in the Student Payment API, which may lead to unauthorized access to personal and financial records.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

EduplusCampus

Published

2025-12-04

Last Modified

2026-02-24

References

https://github.com/sharma19d/CVE-2025-61148 https://drive.google.com/file/d/1BRZRurbl7TY6KU4uaelAUn7L9Cn6XfjC/view?usp=sharing https://medium.com/@Charon19d/how-i-hacked-all-universities-in-my-city-d6b8e320455c https://access.redhat.com/security/cve/cve-2025-61148