CVE-2024-45059
Vulnerability from cvelistv5
Published: 2024-08-28 20:17
Modified: 2024-09-06 19:27
Severity: HIGH (CVSS v3.1 base score 8.8, per the NVD analysis below)
Summary
i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A SQL Injection vulnerability was found prior to the 2.9 branch in the `ieducar/intranet/funcionario_vinculo_det.php` file, which creates the query by concatenating the unsanitized GET parameter `cod_func`, allowing the attacker to obtain sensitive information such as emails and password hashes. Commit 7824b95745fa2da6476b9901041d9c854bf52ffe fixes the issue.
References
- https://github.com/portabilis/i-educar/security/advisories/GHSA-2v4w-7xqr-hxmr (CNA tag: x_refsource_CONFIRM; NVD tags: Exploit, Third Party Advisory)
- https://github.com/portabilis/i-educar/commit/7824b95745fa2da6476b9901041d9c854bf52ffe (CNA tag: x_refsource_MISC; NVD tag: Patch)
- https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html (CNA tag: x_refsource_MISC; NVD tag: Technical Description)
- https://portswigger.net/web-security/sql-injection (CNA tag: x_refsource_MISC; NVD tag: Technical Description)

Impacted products
Vendor | Product | Version |
---|---|---|
portabilis | i-educar | < 2.9 |

Note that the affected ranges in the record do not fully agree: the CNA (GitHub_M) lists version < 2.9, while the CISA ADP entry lists versions 0 through 2.9 inclusive (lessThanOrEqual 2.9, versionType custom, defaultStatus unknown) and the NVD configuration uses versionEndIncluding 2.9. When checking an installation, treat 2.9 itself as in scope until the fixing commit is confirmed present.

CVE record (dataType CVE_RECORD, dataVersion 5.1)
- Title: Authenticated SQL Injection in i-Educar
- Weakness: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
- Source advisory: GHSA-2v4w-7xqr-hxmr (discovery: UNKNOWN)
- Assigner: GitHub_M (orgId a0819718-46f1-4df5-94e2-005712e83aaa)
- Reserved 2024-08-21T17:53:51.333Z; published 2024-08-28T20:17:31.835Z; updated 2024-09-06T19:27:25.280Z; state PUBLISHED
- CNA affected: portabilis i-educar, version < 2.9
- CISA ADP affected: cpe:2.3:a:portabilis:i-educar:*:*:*:*:*:*:*:*, versions 0 through 2.9 inclusive

Metrics
Source | CVSS version | Vector | Base score | Exploitability | Impact |
---|---|---|---|---|---|
GitHub_M (CNA; NVD Secondary) | 3.0 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 HIGH | 2.8 | 5.9 |
nvd@nist.gov (NVD Primary) | 3.1 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 HIGH | 2.8 | 5.9 |

CISA ADP Vulnrichment (SSVC, role CISA Coordinator, SSVC version 2.0.3, timestamp 2024-08-28T20:34:36.479183Z; ADP orgId 134c704f-9b21-4f2e-91b3-4a467353bcc0, dateUpdated 2024-08-28T20:35:01.466Z):
- Exploitation: poc
- Automatable: no
- Technical Impact: total

NVD entry (sourceIdentifier security-advisories@github.com): published 2024-08-28T21:15:07.473; last modified 2024-09-13T20:09:19.523; vulnStatus Analyzed. Weakness CWE-89 recorded both as Secondary (security-advisories@github.com) and Primary (nvd@nist.gov). Configuration: one OR node, cpeMatch criteria cpe:2.3:a:portabilis:i-educar:*:*:*:*:*:*:*:*, versionEndIncluding 2.9, matchCriteriaId BAA7BA67-9C1B-461B-90CF-2BB79C838BAF.

NVD Spanish-language description (translated): "i-Educar is free, fully online school management software that allows school secretaries, teachers, coordinators and area managers to build an SQL query from a concatenation of a user-controlled GET parameter, which allows an attacker to manipulate the query. Successful exploitation of this flaw allows an attacker to gain full, unrestricted access to the database with a web user holding minimal permissions. This may involve obtaining user information such as email addresses, password hashes, etc. This issue has not yet been patched. Users are advised to contact the developer and coordinate an update schedule."

Note that this Spanish text states the issue is not yet patched, whereas the English CNA description identifies commit 7824b95745fa2da6476b9901041d9c854bf52ffe as the fix.
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.