Description

i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A SQL Injection vulnerability was found prior to the 2.9 branch in the `ieducar/intranet/funcionario_vinculo_det.php` file, which creates the query by concatenating the unsanitized GET parameter `cod_func`, allowing the attacker to obtain sensitive information such as emails and password hashes. Commit 7824b95745fa2da6476b9901041d9c854bf52ffe fixes the issue.

INFO

Published Date :

2024-08-28T20:17:31.835Z

Last Modified :

2024-09-06T19:27:25.280Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-45059 vulnerability.

Vendors Products
Portabilis
  • I-educar
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-45059.

URL Resource
https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html cve-icon cve-icon
https://github.com/portabilis/i-educar/commit/7824b95745fa2da6476b9901041d9c854bf52ffe cve-icon cve-icon
https://github.com/portabilis/i-educar/security/advisories/GHSA-2v4w-7xqr-hxmr cve-icon cve-icon
https://portswigger.net/web-security/sql-injection cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact