Vinay Sharma

1 exploit Active since Dec 2025
CVE-2025-61148 NOMISEC MEDIUM WRITEUP
edupluscampus 3.0.1 - Authenticated Insecure Direct Object Reference via 'rec_no' Parameter
An Insecure Direct Object Reference (IDOR) vulnerability in the EduplusCampus 3.0.1 Student Payment API allows authenticated users to access other students personal and financial records by modifying the 'rec_no' parameter in the /student/get-receipt endpoint.
CVSS 6.5