An Insecure Direct Object Reference (IDOR) vulnerability in the EduplusCampus 3.0.1 Student Payment API allows authenticated users to access other students personal and financial records by modifying the 'rec_no' parameter in the /student/get-receipt endpoint.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| edupluscampus | edupluscampus | 3.0.1 |