| 제목 | Portabilis i-Educar 2.9.10 Improper Handling of Insufficient Permissions or Privileges |
|---|
| 설명 | Users without the necessary privileges to change user types can modify the permissions of registered user types through an arbitrary request to the endpoint responsible for this action. This allows low-privileged users to escalate their privileges by granting maximum permissions to the user type they are associated with, compromising all sections of the application. |
|---|
| 원천 | ⚠️ https://docs.google.com/document/d/1yGubpU9I6JnkKsrdNRP6bUCeQv3ZDcknXAHOzFZBkGQ/ |
|---|
| 사용자 | m3m0o (UID 87980) |
|---|
| 제출 | 2025. 10. 08. AM 04:05 (9 개월 ago) |
|---|
| 모더레이션 | 2025. 10. 09. PM 01:59 (1 day later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 327714 [Portabilis i-Educar 까지 2.9.10 User Type AccessLevelController.php 잘못된 구성] |
|---|
| 포인트들 | 18 |
|---|