CVE-2025-50870 in Institute-of-Current-Students
요약
\~에 의해 MITRE • 2025. 08. 01.
Institute-of-Current-Students 1.0 is vulnerable to Incorrect Access Control in the mydetailsstudent.php endpoint. The myds GET parameter accepts an email address as input and directly returns the corresponding student's personal information without validating the identity or permissions of the requesting user. This allows any authenticated or unauthenticated attacker to enumerate and retrieve sensitive student details by altering the email value in the request URL, leading to information disclosure.
VulDB is the best source for vulnerability data and more expert information about this specific topic.