Отправить #743760: Portabilis i-Educar 2.0 2.1 2.2 2.3 2.4 2.5 2.6 2.7 2.8 2.9 2.10 Improper AuthorizationИнформация

Название	Portabilis i-Educar 2.0 2.1 2.2 2.3 2.4 2.5 2.6 2.7 2.8 2.9 2.10 Improper Authorization
Описание	A Broken Function Level Authorization (BFLA) vulnerability in the Final Status Import tool allows an authenticated user with 'School' level permissions to modify student records across any school unit by providing enrollment IDs in a CSV file. This bypasses institution-level isolation and allows for mass sabotage of academic data.
Источник	⚠️ https://github.com/ViniCastro2001/Security_Reports/tree/main/i-educar/BFLA-Final-Status-Import
Пользователь	vini_castro (UID 94745)
Представление	21.01.2026 21:08 (5 месяцы назад)
Модерация	05.02.2026 20:32 (15 days later)
Статус	принято
Запись VulDB	344597 [Portabilis i-Educar до 2.10 Final Status Import FinalStatusImportService.php school_id эскалация привилегий]
Баллы	18

Do you know our Splunk app?

Download it now for free!