CVE-2024-45058
CVSS V2 None
CVSS V3 None
Description
i-Educar is free, completely online school management software that allows school secretaries, teachers, coordinators and area managers. An attacker with only minimal viewing privileges in the settings section is able to change their user type to Administrator (or another type with super-permissions). Any user is capable of becoming an administrator, which can lead to account theft, changing administrative tasks, etc. The failure occurs in the file located in ieducar/intranet/educar_usuario_cad.php on line 446 , which does not perform checks on the user's current permission level to make changes. This issue has not yet been patched. Users are advised to contact the developer and to coordinate an update schedule.
Overview
- CVE ID
- CVE-2024-45058
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-08-28T20:17:30.179Z
- Last Modified Date
- 2024-08-28T20:35:17.069Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/portabilis/i-educar/security/advisories/GHSA-53vj-fq8x-2mvg | x_refsource_CONFIRM |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-45058 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45058 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-08-29 13:07:56 | Added to TrackCVE |