CVE-2024-45059 (GCVE-0-2024-45059)

Vulnerability from cvelistv5 – Published: 2024-08-28 20:17 – Updated: 2024-09-06 19:27
Title
Authenticated SQL Injection in i-Educar
Summary
i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A SQL Injection vulnerability was found prior to the 2.9 branch in the `ieducar/intranet/funcionario_vinculo_det.php` file, which creates the query by concatenating the unsanitized GET parameter `cod_func`, allowing the attacker to obtain sensitive information such as emails and password hashes. Commit 7824b95745fa2da6476b9901041d9c854bf52ffe fixes the issue.
CWE
  • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
GitHub_M
Impacted products
Vendor Product Version
portabilis i-educar Affected: < 2.9

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:portabilis:i-educar:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "i-educar",
            "vendor": "portabilis",
            "versions": [
              {
                "lessThanOrEqual": "2.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45059",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-28T20:34:36.479183Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-28T20:35:01.466Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "i-educar",
          "vendor": "portabilis",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A SQL Injection vulnerability was found prior to the 2.9 branch in the `ieducar/intranet/funcionario_vinculo_det.php` file, which creates the query by concatenating the unsanitized GET parameter `cod_func`, allowing the attacker to obtain sensitive information such as emails and password hashes. Commit 7824b95745fa2da6476b9901041d9c854bf52ffe fixes the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-06T19:27:25.280Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/portabilis/i-educar/security/advisories/GHSA-2v4w-7xqr-hxmr",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/portabilis/i-educar/security/advisories/GHSA-2v4w-7xqr-hxmr"
        },
        {
          "name": "https://github.com/portabilis/i-educar/commit/7824b95745fa2da6476b9901041d9c854bf52ffe",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/portabilis/i-educar/commit/7824b95745fa2da6476b9901041d9c854bf52ffe"
        },
        {
          "name": "https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html"
        },
        {
          "name": "https://portswigger.net/web-security/sql-injection",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portswigger.net/web-security/sql-injection"
        }
      ],
      "source": {
        "advisory": "GHSA-2v4w-7xqr-hxmr",
        "discovery": "UNKNOWN"
      },
      "title": "Authenticated SQL Injection in i-Educar"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-45059",
    "datePublished": "2024-08-28T20:17:31.835Z",
    "dateReserved": "2024-08-21T17:53:51.333Z",
    "dateUpdated": "2024-09-06T19:27:25.280Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-45059",
      "date": "2026-04-24",
      "epss": "0.00143",
      "percentile": "0.34379"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:portabilis:i-educar:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.9\", \"matchCriteriaId\": \"BAA7BA67-9C1B-461B-90CF-2BB79C838BAF\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A SQL Injection vulnerability was found prior to the 2.9 branch in the `ieducar/intranet/funcionario_vinculo_det.php` file, which creates the query by concatenating the unsanitized GET parameter `cod_func`, allowing the attacker to obtain sensitive information such as emails and password hashes. Commit 7824b95745fa2da6476b9901041d9c854bf52ffe fixes the issue.\"}, {\"lang\": \"es\", \"value\": \"i-Educar es un software de gesti\\u00f3n escolar gratuito y completamente online que permite a las secretarias, profesores, coordinadores y responsables de \\u00e1rea de la escuela crear una consulta SQL a partir de una concatenaci\\u00f3n de un par\\u00e1metro GET controlado por el usuario, lo que permite a un atacante manipular la consulta. La explotaci\\u00f3n exitosa de esta falla permite a un atacante tener acceso completo y sin restricciones a la base de datos, con un usuario web con permisos m\\u00ednimos. Esto puede implicar la obtenci\\u00f3n de informaci\\u00f3n del usuario, como correos electr\\u00f3nicos, hashes de contrase\\u00f1as, etc. Este problema a\\u00fan no ha sido parcheado. Se recomienda a los usuarios que se pongan en contacto con el desarrollador y que coordinen un cronograma de actualizaci\\u00f3n.\"}]",
      "id": "CVE-2024-45059",
      "lastModified": "2024-09-13T20:09:19.523",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV30\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
      "published": "2024-08-28T21:15:07.473",
      "references": "[{\"url\": \"https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Technical Description\"]}, {\"url\": \"https://github.com/portabilis/i-educar/commit/7824b95745fa2da6476b9901041d9c854bf52ffe\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/portabilis/i-educar/security/advisories/GHSA-2v4w-7xqr-hxmr\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://portswigger.net/web-security/sql-injection\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Technical Description\"]}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Analyzed",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-89\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-89\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-45059\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-08-28T21:15:07.473\",\"lastModified\":\"2024-09-13T20:09:19.523\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A SQL Injection vulnerability was found prior to the 2.9 branch in the `ieducar/intranet/funcionario_vinculo_det.php` file, which creates the query by concatenating the unsanitized GET parameter `cod_func`, allowing the attacker to obtain sensitive information such as emails and password hashes. Commit 7824b95745fa2da6476b9901041d9c854bf52ffe fixes the issue.\"},{\"lang\":\"es\",\"value\":\"i-Educar es un software de gesti\u00f3n escolar gratuito y completamente online que permite a las secretarias, profesores, coordinadores y responsables de \u00e1rea de la escuela crear una consulta SQL a partir de una concatenaci\u00f3n de un par\u00e1metro GET controlado por el usuario, lo que permite a un atacante manipular la consulta. La explotaci\u00f3n exitosa de esta falla permite a un atacante tener acceso completo y sin restricciones a la base de datos, con un usuario web con permisos m\u00ednimos. Esto puede implicar la obtenci\u00f3n de informaci\u00f3n del usuario, como correos electr\u00f3nicos, hashes de contrase\u00f1as, etc. Este problema a\u00fan no ha sido parcheado. Se recomienda a los usuarios que se pongan en contacto con el desarrollador y que coordinen un cronograma de actualizaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV30\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:portabilis:i-educar:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.9\",\"matchCriteriaId\":\"BAA7BA67-9C1B-461B-90CF-2BB79C838BAF\"}]}]}],\"references\":[{\"url\":\"https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Technical Description\"]},{\"url\":\"https://github.com/portabilis/i-educar/commit/7824b95745fa2da6476b9901041d9c854bf52ffe\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/portabilis/i-educar/security/advisories/GHSA-2v4w-7xqr-hxmr\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://portswigger.net/web-security/sql-injection\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Technical Description\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-45059\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-28T20:34:36.479183Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:portabilis:i-educar:*:*:*:*:*:*:*:*\"], \"vendor\": \"portabilis\", \"product\": \"i-educar\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.9\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-28T20:34:58.231Z\"}}], \"cna\": {\"title\": \"Authenticated SQL Injection in i-Educar\", \"source\": {\"advisory\": \"GHSA-2v4w-7xqr-hxmr\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_0\": {\"scope\": \"UNCHANGED\", \"version\": \"3.0\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"portabilis\", \"product\": \"i-educar\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 2.9\"}]}], \"references\": [{\"url\": \"https://github.com/portabilis/i-educar/security/advisories/GHSA-2v4w-7xqr-hxmr\", \"name\": \"https://github.com/portabilis/i-educar/security/advisories/GHSA-2v4w-7xqr-hxmr\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/portabilis/i-educar/commit/7824b95745fa2da6476b9901041d9c854bf52ffe\", \"name\": \"https://github.com/portabilis/i-educar/commit/7824b95745fa2da6476b9901041d9c854bf52ffe\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html\", \"name\": \"https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://portswigger.net/web-security/sql-injection\", \"name\": \"https://portswigger.net/web-security/sql-injection\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A SQL Injection vulnerability was found prior to the 2.9 branch in the `ieducar/intranet/funcionario_vinculo_det.php` file, which creates the query by concatenating the unsanitized GET parameter `cod_func`, allowing the attacker to obtain sensitive information such as emails and password hashes. Commit 7824b95745fa2da6476b9901041d9c854bf52ffe fixes the issue.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-89\", \"description\": \"CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-09-06T19:27:25.280Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-45059\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-06T19:27:25.280Z\", \"dateReserved\": \"2024-08-21T17:53:51.333Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-08-28T20:17:31.835Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}
Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.