Cyber Resilience

CVE-2024-45058

HighPublic PoC

Published: 28 August 2024

Published
28 August 2024
Modified
13 September 2024
KEV Added
Patch
CVSS Score v3.1 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS Score 0.2430 96.2th percentile
Risk Priority 31 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-45058 is a high-severity Improper Input Validation (CWE-20) vulnerability in Portabilis I-Educar. Its CVSS base score is 8.1 (High).

Operationally, ranked in the top 3.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

i-Educar is free, fully online school management software. Prior to the 2.9 branch, the application contained an authorization flaw in ieducar/intranet/educar_usuario_cad.php that failed to validate a user's existing permission level before processing a POST request containing the nivel_usuario_ parameter. This allowed an authenticated user to alter their own account type without restriction.

An attacker holding only minimal viewing privileges in the settings section can submit a crafted POST request to /intranet/educar_usuario_cad.php and thereby elevate their account to Administrator or any other role possessing super-permissions, resulting in full control over user management functions and exposure of sensitive data.

The referenced GitHub security advisory GHSA-53vj-fq8x-2mvg and the patch in commit c25910cdf11ab50e50162a49dd44bef544422b6e address the issue by adding an explicit permission check before allowing changes to user levels. The current EPSS score of 0.2430 shows no material increase from its recorded peak.

EU & UK References

Vulnerability details

i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. Prior to the 2.9 branch, an attacker with only minimal viewing privileges in the settings section is able to change…

more

their user type to Administrator (or another type with super-permissions) through a specifically crafted POST request to `/intranet/educar_usuario_cad.php`, modifying the `nivel_usuario_` parameter. The vulnerability occurs in the file located at `ieducar/intranet/educar_usuario_cad.php`, which does not check the user's current permission level before allowing changes. Commit c25910cdf11ab50e50162a49dd44bef544422b6e contains a patch for the issue.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

portabilis
i-educar
≤ 2.9

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-269 CWE-862

Policy addresses roles, responsibilities, and privilege management to prevent improper privilege assignments.

addresses: CWE-269 CWE-862

Access supervision ensures privileges are assigned and managed without improper escalation or retention.

addresses: CWE-269 CWE-862

Assigning group/role memberships and access authorizations (privileges) while reviewing accounts addresses improper privilege management.

addresses: CWE-862 CWE-269

Always invoking the reference monitor prevents missing authorization checks for protected resources.

addresses: CWE-862 CWE-269

Requires verification that authorization checks are present and operational for protected resources.

addresses: CWE-862 CWE-269

Requiring explicit authorization for each internal connection prevents missing authorization.

addresses: CWE-269 CWE-862

Restricting who can perform changes helps ensure privileges are managed properly rather than assigned broadly.

addresses: CWE-269 CWE-862

Manages privileges by authorizing only approved personnel and supervising those lacking required authorizations for maintenance.

References