CVE-2025-50870 in Institute-of-Current-Students정보

요약

\~에 의해 MITRE • 2025. 08. 01.

Institute-of-Current-Students 1.0 is vulnerable to Incorrect Access Control in the mydetailsstudent.php endpoint. The myds GET parameter accepts an email address as input and directly returns the corresponding student's personal information without validating the identity or permissions of the requesting user. This allows any authenticated or unauthenticated attacker to enumerate and retrieve sensitive student details by altering the email value in the request URL, leading to information disclosure.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

책임이 있는

MITRE

예약하다

2025. 06. 16.

모더레이션

수락

항목

VDB-318526

EPSS

0.00358

출처

Want to know what is going to be exploited?

We predict KEV entries!