Unrated severityNVD Advisory· Published Dec 4, 2025· Updated Dec 8, 2025
CVE-2025-61148
CVE-2025-61148
Description
An Insecure Direct Object Reference (IDOR) vulnerability in the EduplusCampus 3.0.1 Student Payment API allows authenticated users to access other students personal and financial records by modifying the 'rec_no' parameter in the /student/get-receipt endpoint.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: = 3.0.1
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.