Full disclosure: Edupage web and mobile application authorization bypass leaks PII and IBAN codes
Full Disclosure mailing list archives (seclists.org), 2026-5-17 21:14:53

From: Juraj Kosik <juraj.kosik () gmail com>
Date: Tue, 12 May 2026 12:39:30 +0200

VULNERABILITY
Both authenticated and publicly accessible anonymous guest accounts on
the Edupage portal allow an attacker to capture the complete list of user IDs,
names (students, parents, and teachers), and the associated banking details
(IBAN codes).

Full disclosure report: https://jkosik.github.io/posts/edupage/
Reference: https://www.edupage.org/

VENDOR:
Applied Software Consultants

PRODUCT:
Edupage - https://www.edupage.org/
Web application and also mobile application (at least 2024.0.25 2.1.72)

AFFECTED COMPONENT
Edupage Payment module

ATTACK TYPE
Remote

DISCOVERER
Juraj Kosik

CVE
CVE-2025-70561
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/


Source: https://seclists.org/fulldisclosure/2026/May/3