Vulnerability Description
Institute-of-Current-Students 1.0 is vulnerable to Incorrect Access Control in the mydetailsstudent.php endpoint. The myds GET parameter accepts an email address as input and directly returns the corresponding student's personal information without validating the identity or permissions of the requesting user. This allows any authenticated or unauthenticated attacker to enumerate and retrieve sensitive student details by altering the email value in the request URL, leading to information disclosure.
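A detection sketch for the enumeration pattern described above, added here as an example and not taken from the advisory or the affected project: it scans web-server access logs for clients that request mydetailsstudent.php with many different myds values. The combined log format, the sample lines and the max_distinct threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jul/2025:10:00:01 +0000] "GET /mydetailsstudent.php?myds=alice%40example.edu HTTP/1.1" 200 812 "-" "curl/8.5"
203.0.113.7 - - [01/Jul/2025:10:00:02 +0000] "GET /mydetailsstudent.php?myds=bob%40example.edu HTTP/1.1" 200 790 "-" "curl/8.5"
203.0.113.7 - - [01/Jul/2025:10:00:03 +0000] "GET /mydetailsstudent.php?myds=carol@example.edu HTTP/1.1" 200 801 "-" "curl/8.5"
203.0.113.7 - - [01/Jul/2025:10:00:04 +0000] "GET /mydetailsstudent.php?myds=dave%40example.edu HTTP/1.1" 404 120 "-" "curl/8.5"
198.51.100.20 - - [01/Jul/2025:10:01:00 +0000] "GET /mydetailsstudent.php?myds=erin%40example.edu HTTP/1.1" 200 805 "-" "Mozilla/5.0"
198.51.100.20 - - [01/Jul/2025:10:05:00 +0000] "GET /mydetailsstudent.php?myds=ERIN%40example.edu HTTP/1.1" 200 805 "-" "Mozilla/5.0"
198.51.100.20 - - [01/Jul/2025:10:06:00 +0000] "GET /index.php HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

# client, method, request target, status from a combined-format line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def myds_lookups(log_text):
    """Yield (client, email, status) for each request to the affected endpoint."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the scan
        client, _method, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/mydetailsstudent.php"):
            continue
        # parse_qs percent-decodes, so %40 and a literal @ compare equal
        for value in parse_qs(url.query).get("myds", []):
            yield client, value.strip().lower(), int(status)

def flag_enumeration(log_text, max_distinct=2):
    """Return {client: sorted emails} for clients querying more than
    max_distinct different identities (threshold is an assumed default)."""
    seen = defaultdict(set)
    for client, email, _status in myds_lookups(log_text):
        seen[client].add(email)
    return {c: sorted(e) for c, e in seen.items() if len(e) > max_distinct}

def disclosed(log_text, client):
    """Emails for which the client got a 200 response (records likely returned)."""
    return sorted({e for c, e, s in myds_lookups(log_text) if c == client and s == 200})
```

The output of disclosed() for a flagged client gives the list of student records to treat as exposed when scoping notification.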
CVSS Score
9.8 (CRITICAL)
Related Weaknesses (CWE)
- CWE-284: Improper Access Control
References
- https://cwe.mitre.org/data/definitions/284.html
- https://gist.github.com/b0mk35h/c4d47b5c4aacecdc8e6c4b02b40ce302
FAQ
What is CVE-2025-50870?
CVE-2025-50870 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Institute-of-Current-Students 1.0 is vulnerable to Incorrect Access Control in the mydetailsstudent.php endpoint. The myds GET parameter accepts an email address as input and directly returns the corr...
How severe is CVE-2025-50870?
CVE-2025-50870 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-50870?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.