| عنوان | Portabilis i-Educar 2.0 2.1 2.2 2.3 2.4 2.5 2.6 2.7 2.8 2.9 2.10 Improper Authorization |
|---|
| الوصف | A Broken Function Level Authorization (BFLA) vulnerability in the Final Status Import tool allows an authenticated user with 'School' level permissions to modify student records across any school unit by providing enrollment IDs in a CSV file. This bypasses institution-level isolation and allows for mass sabotage of academic data. |
|---|
| المصدر | ⚠️ https://github.com/ViniCastro2001/Security_Reports/tree/main/i-educar/BFLA-Final-Status-Import |
|---|
| المستخدم | vini_castro (UID 94745) |
|---|
| ارسال | 21/01/2026 09:08 PM (5 أشهر منذ) |
|---|
| الاعتدال | 05/02/2026 08:32 PM (15 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 344597 [Portabilis i-Educar حتى 2.10 Final Status Import FinalStatusImportService.php school_id تجاوز الصلاحيات] |
|---|
| النقاط | 18 |
|---|