Serosoft Solutions Academia SIS EagleR Information Disclosure Vulnerability

Vulnerability

A vulnerability allowing unauthenticated access to sensitive user information has been identified in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR version 1.0.118. The issue arises from improper access controls on the API endpoint /rest/cb/executeBasicSearch, which allows attackers to retrieve detailed personal information of all users and students without authentication. The exposed data includes full names, phone numbers, addresses, family information, and email addresses.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive personal information of all users and students within the application.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.