CVE-2025-50870 in Institute-of-Current-Studentsinfo

Zusammenfassung

von MITRE • 01.08.2025

Institute-of-Current-Students 1.0 is vulnerable to Incorrect Access Control in the mydetailsstudent.php endpoint. The myds GET parameter accepts an email address as input and directly returns the corresponding student's personal information without validating the identity or permissions of the requesting user. This allows any authenticated or unauthenticated attacker to enumerate and retrieve sensitive student details by altering the email value in the request URL, leading to information disclosure.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Zuständig

MITRE

Reservieren

16.06.2025

Veröffentlichung

01.08.2025

Moderieren

akzeptiert

Eintrag

VDB-318526

CPE

bereit

EPSS

0.00358

KEV

nein

Aktivitäten

very low

Quellen

Want to know what is going to be exploited?

We predict KEV entries!