| Título | Portabilis i-Educar 2.0 2.1 2.2 2.3 2.4 2.5 2.6 2.7 2.8 2.9 2.10 Improper Authorization |
|---|
| Descripción | A Broken Function Level Authorization (BFLA) vulnerability in the Final Status Import tool allows an authenticated user with 'School' level permissions to modify student records across any school unit by providing enrollment IDs in a CSV file. This bypasses institution-level isolation and allows for mass sabotage of academic data. |
|---|
| Fuente | ⚠️ https://github.com/ViniCastro2001/Security_Reports/tree/main/i-educar/BFLA-Final-Status-Import |
|---|
| Usuario | vini_castro (UID 94745) |
|---|
| Sumisión | 2026-01-21 21:08 (hace 5 meses) |
|---|
| Moderación | 2026-02-05 20:32 (15 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 344597 [Portabilis i-Educar hasta 2.10 Final Status Import FinalStatusImportService.php school_id escalada de privilegios] |
|---|
| Puntos | 18 |
|---|