November 2025

Responsible Disclosure: IDOR Vulnerability in Academic ERP System

Contineo ERP - Student Portal

Discovered and responsibly disclosed a high-severity Insecure Direct Object Reference (IDOR) vulnerability in the Exam History module of the academic ERP system used at BMS Institute of Technology and Management. The vulnerability allowed unauthorized access to personal and academic records of students across multiple institutions using the Contineo ERP platform.

The issue was identified in the exam results endpoint, where user authentication parameters could be manipulated to access other students' data without proper authorization checks. Reported the vulnerability directly to Contineo's security team with detailed reproduction steps and suggested remediation. The vendor has since patched the vulnerability, securing student data across all affected institutions.

Impact: High - Unauthorized access to sensitive student records
Status: Fixed by vendor

October 2025 - November 2025

Cybersecurity Finishing School Program

Centre of Excellence for Cybersecurity Karnataka (CySecK), Indian Institute of Science (IISc), Bengaluru

Completed an intensive month-long program covering network security, cloud security, threat analysis, digital forensics, and ethical hacking. Gained hands-on experience through labs, sessions, and a CTF challenge, bridging classroom learning with real-world cybersecurity applications.
