






















VULNERABILITY Both authenticated and publicly accessible anonymous guest accounts on Edupage portal allow an attacker to capture the complete list of user IDs, names (students, parents, and teachers), and the associated banking details (IBAN codes) Full disclosure report: https://jkosik.github.io/posts/edupage/ Reference: https://www.edupage.org/ VENDOR: Applied Software Consultants PRODUCT: Edupage - https://www.edupage.org/ Web application and also mobile application (at least 2024.0.25 2.1.72) AFFECTED COMPONENT Edupage Payment module ATTACK TYPE Remote DISCOVERER Juraj Kosik CVE CVE-2025-70561 _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。