| Título | Portabilis i-Educar 2.0 2.1 2.2 2.3 2.4 2.5 2.6 2.7 2.8 2.9 2.10 Improper Authorization |
|---|
| Descrição | A Broken Function Level Authorization (BFLA) vulnerability in the Final Status Import tool allows an authenticated user with 'School' level permissions to modify student records across any school unit by providing enrollment IDs in a CSV file. This bypasses institution-level isolation and allows for mass sabotage of academic data. |
|---|
| Fonte | ⚠️ https://github.com/ViniCastro2001/Security_Reports/tree/main/i-educar/BFLA-Final-Status-Import |
|---|
| Utilizador | vini_castro (UID 94745) |
|---|
| Submissão | 21/01/2026 21h08 (há 5 meses) |
|---|
| Moderação | 05/02/2026 20h32 (15 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 344597 [Portabilis i-Educar até 2.10 Final Status Import FinalStatusImportService.php school_id Elevação de Privilégios] |
|---|
| Pontos | 18 |
|---|