| Title | Portabilis i-educar 2.10 Improper Authorization |
|---|
| Description | # Broken Access Control – Missing Function-Level Access Control in `/educacenso/consulta` Endpoint
## Summary
A Broken Access Control vulnerability was identified in the `/educacenso/consulta` endpoint of the i-Educar application. This issue allows authenticated users without the required role to access functionalities or data that should be restricted, resulting in an elevation of privilege and unauthorized access.
## Details
**Vulnerable Endpoint:** `GET /educacenso/consulta`
**Authentication:** Required (but insufficient authorization checks)
**Role required:** basic application access only (no Educacenso role)
**Affected scenario:** A user without the required role is still able to directly access the endpoint.
The application fails to enforce proper role-based access control (RBAC) on the `/educacenso/consulta` endpoint. As a result, users with lower privilege levels can access sensitive data and functionalities that should be restricted to higher-privileged roles.
## PoC
Request using a session from a user without the Educacenso role:
```http
GET /educacenso/consulta HTTP/1.1
Host: <target>
Cookie: PHPSESSID=<low_privileged_session>
```
**Observed Result:** The server responds with HTTP 200 and returns restricted content.
**Expected Result:** The server should respond with HTTP 403 (Forbidden).
## Impact
The impact of this vulnerability depends on the nature of the data and functionality exposed by the Educacenso module, but may include:
- Unauthorized access to sensitive educational census data.
- Elevation of privilege from a basic user to roles with access to restricted modules.
- Potential manipulation of sensitive data if write operations are accessible.
- Breach of confidentiality and integrity of protected information.
- Compliance violations if sensitive personal data is exposed to unauthorized users.
## Classification
- **OWASP Top 10 (2021):** A01 – Broken Access Control
- **CWE:** CWE-285 (Improper Authorization)
- **CVSS v4.0 (suggested):** 7.7 (High), depending on whether the endpoint exposes only read access or also allows modification of sensitive data.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:U |
|---|
| Source | https://github.com/marcelomulder/CVE/blob/main/i-educar/Broken%20Access%20Control%20%E2%80%93%20Missing%20Function-Level%20Access%20Control%20in%20%60.educacenso.consulta%60%20Endpoint.md |
|---|
| User | marceloQz (UID 87549) |
|---|
| Submission | 08/17/2025 23:17 (8 months ago) |
|---|
| Moderation | 08/28/2025 17:28 (11 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 321787 [Portabilis i-Educar up to 2.10 /educacenso/consulta improper authorization] |
|---|
| Points | 20 |
|---|