CVE-2024-45059

i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A SQL Injection vulnerability was found prior to the 2.9 branch in the `ieducar/intranet/funcionario_vinculo_det.php` file, which creates the query by concatenating the unsanitized GET parameter `cod_func`, allowing the attacker to obtain sensitive information such as emails and password hashes. Commit 7824b95745fa2da6476b9901041d9c854bf52ffe fixes the issue.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html	Technical Description
https://github.com/portabilis/i-educar/commit/7824b95745fa2da6476b9901041d9c854bf52ffe	Patch
https://github.com/portabilis/i-educar/security/advisories/GHSA-2v4w-7xqr-hxmr	Exploit Third Party Advisory
https://portswigger.net/web-security/sql-injection	Technical Description

Configurations

Configuration 1 (hide)

cpe:2.3:a:portabilis:i-educar:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-08-28 21:15

Updated : 2024-09-13 20:09

NVD link : CVE-2024-45059

Mitre link : CVE-2024-45059

CVE.ORG link : CVE-2024-45059

JSON object : View

Products Affected

portabilis

i-educar

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2024-45059", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-08-28T21:15:07.473", "references": [{"url": "https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html", "tags": ["Technical Description"], "source": "security-advisories@github.com"}, {"url": "https://github.com/portabilis/i-educar/commit/7824b95745fa2da6476b9901041d9c854bf52ffe", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/portabilis/i-educar/security/advisories/GHSA-2v4w-7xqr-hxmr", "tags": ["Exploit", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://portswigger.net/web-security/sql-injection", "tags": ["Technical Description"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-89"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A SQL Injection vulnerability was found prior to the 2.9 branch in the `ieducar/intranet/funcionario_vinculo_det.php` file, which creates the query by concatenating the unsanitized GET parameter `cod_func`, allowing the attacker to obtain sensitive information such as emails and password hashes. Commit 7824b95745fa2da6476b9901041d9c854bf52ffe fixes the issue."}, {"lang": "es", "value": "i-Educar es un software de gesti\u00f3n escolar gratuito y completamente online que permite a las secretarias, profesores, coordinadores y responsables de \u00e1rea de la escuela crear una consulta SQL a partir de una concatenaci\u00f3n de un par\u00e1metro GET controlado por el usuario, lo que permite a un atacante manipular la consulta. La explotaci\u00f3n exitosa de esta falla permite a un atacante tener acceso completo y sin restricciones a la base de datos, con un usuario web con permisos m\u00ednimos. Esto puede implicar la obtenci\u00f3n de informaci\u00f3n del usuario, como correos electr\u00f3nicos, hashes de contrase\u00f1as, etc. Este problema a\u00fan no ha sido parcheado. Se recomienda a los usuarios que se pongan en contacto con el desarrollador y que coordinen un cronograma de actualizaci\u00f3n."}], "lastModified": "2024-09-13T20:09:19.523", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:portabilis:i-educar:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BAA7BA67-9C1B-461B-90CF-2BB79C838BAF", "versionEndIncluding": "2.9"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}