CVE-2024-45059

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-45059
i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A SQL Injection vulnerability was found prior to the 2.9 branch in the `ieducar/intranet/funcionario_vinculo_det.php` file, which creates the query by concatenating the unsanitized GET parameter `cod_func`, allowing the attacker to obtain sensitive information such as emails and password hashes. Commit 7824b95745fa2da6476b9901041d9c854bf52ffe fixes the issue.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html Technical Description
https://github.com/portabilis/i-educar/commit/7824b95745fa2da6476b9901041d9c854bf52ffe Patch
https://github.com/portabilis/i-educar/security/advisories/GHSA-2v4w-7xqr-hxmr Exploit Third Party Advisory
https://portswigger.net/web-security/sql-injection Technical Description
Configurations

Configuration 1 (hide)

cpe:2.3:a:portabilis:i-educar:*:*:*:*:*:*:*:*
History

13 Sep 2024, 20:09

Type Values Removed Values Added
CPE cpe:2.3:a:portabilis:i-educar:*:*:*:*:*:*:*:*
First Time Portabilis i-educar
Portabilis
References () https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html - () https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html - Technical Description
References () https://github.com/portabilis/i-educar/commit/7824b95745fa2da6476b9901041d9c854bf52ffe - () https://github.com/portabilis/i-educar/commit/7824b95745fa2da6476b9901041d9c854bf52ffe - Patch
References () https://github.com/portabilis/i-educar/security/advisories/GHSA-2v4w-7xqr-hxmr - () https://github.com/portabilis/i-educar/security/advisories/GHSA-2v4w-7xqr-hxmr - Exploit, Third Party Advisory
References () https://portswigger.net/web-security/sql-injection - () https://portswigger.net/web-security/sql-injection - Technical Description

06 Sep 2024, 20:15

Type Values Removed Values Added
Summary (en) i-Educar is free, completely online school management software that allows school secretaries, teachers, coordinators and area managers. In affected versions Creating a SQL query from a concatenation of a user-controlled GET parameter allows an attacker to manipulate the query. Successful exploitation of this flaw allows an attacker to have complete and unrestricted access to the database, with a web user with minimal permissions. This may involve obtaining user information, such as emails, password hashes, etc. This issue has not yet been patched. Users are advised to contact the developer and to coordinate an update schedule. (en) i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A SQL Injection vulnerability was found prior to the 2.9 branch in the `ieducar/intranet/funcionario_vinculo_det.php` file, which creates the query by concatenating the unsanitized GET parameter `cod_func`, allowing the attacker to obtain sensitive information such as emails and password hashes. Commit 7824b95745fa2da6476b9901041d9c854bf52ffe fixes the issue.
References
  • () https://github.com/portabilis/i-educar/commit/7824b95745fa2da6476b9901041d9c854bf52ffe -

29 Aug 2024, 13:25

Type Values Removed Values Added
Summary
  • (es) i-Educar es un software de gestión escolar gratuito y completamente online que permite a las secretarias, profesores, coordinadores y responsables de área de la escuela crear una consulta SQL a partir de una concatenación de un parámetro GET controlado por el usuario, lo que permite a un atacante manipular la consulta. La explotación exitosa de esta falla permite a un atacante tener acceso completo y sin restricciones a la base de datos, con un usuario web con permisos mínimos. Esto puede implicar la obtención de información del usuario, como correos electrónicos, hashes de contraseñas, etc. Este problema aún no ha sido parcheado. Se recomienda a los usuarios que se pongan en contacto con el desarrollador y que coordinen un cronograma de actualización.

28 Aug 2024, 21:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-08-28 21:15

Updated : 2024-09-13 20:09

NVD link : CVE-2024-45059

Mitre link : CVE-2024-45059

CVE.ORG link : CVE-2024-45059

JSON object : View

Products Affected

portabilis

  • i-educar
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')