Submit #743760: Portabilis i-Educar 2.0 2.1 2.2 2.3 2.4 2.5 2.6 2.7 2.8 2.9 2.10 Improper Authorizationinfo

Title	Portabilis i-Educar 2.0 2.1 2.2 2.3 2.4 2.5 2.6 2.7 2.8 2.9 2.10 Improper Authorization
Description	A Broken Function Level Authorization (BFLA) vulnerability in the Final Status Import tool allows an authenticated user with 'School' level permissions to modify student records across any school unit by providing enrollment IDs in a CSV file. This bypasses institution-level isolation and allows for mass sabotage of academic data.
Source	⚠️ https://github.com/ViniCastro2001/Security_Reports/tree/main/i-educar/BFLA-Final-Status-Import
User	vini_castro (UID 94745)
Submission	01/21/2026 21:08 (5 months ago)
Moderation	02/05/2026 20:32 (15 days later)
Status	Accepted
VulDB entry	344597 [Portabilis i-Educar up to 2.10 Final Status Import FinalStatusImportService.php school_id improper authorization]
Points	18

Want to know what is going to be exploited?

We predict KEV entries!