Portabilis i-Educar Broken Access Control Vulnerability in Exportacao-para-o-seb Endpoint

Vulnerability

A broken access control vulnerability has been identified in the Portabilis i-Educar application, affecting versions through 2.10. The vulnerability resides in the '/exportacao-para-o-seb' endpoint, where improper access controls allow low-privileged users to access restricted functionality. This issue can be exploited remotely, and a public exploit is available.

Impact

Exploitation of this vulnerability allows unauthorized access to functionality intended for higher-privileged users, potentially leading to unauthorized data access or manipulation.

Reproduction

To reproduce this vulnerability, authenticate as a low-privileged user and send a POST request to the '/exportacao-para-o-seb' endpoint. Include the necessary cookies and headers to mimic a legitimate user session. The response will contain a file that should not be accessible to the user.
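A detection sketch for the request described above, added here as an example and not taken from i-Educar or from the advisory. It assumes a hypothetical JSON-lines request log that records the authenticated user's role; the field names, role names, allowed-role set and sample records are all constructed for illustration.

```python
import json
from urllib.parse import urlsplit, unquote

ENDPOINT = "/exportacao-para-o-seb"
# Assumption: roles that are meant to use the export; adjust to the deployment.
ALLOWED_ROLES = frozenset({"admin"})

# Constructed sample records in a hypothetical JSON-lines log schema.
SAMPLE_LOG = """\
{"ts":"2025-09-05T16:02:11Z","user":"admin1","role":"admin","method":"POST","uri":"/exportacao-para-o-seb","status":200}
{"ts":"2025-09-05T16:05:40Z","user":"prof7","role":"teacher","method":"POST","uri":"/exportacao-para-o-seb","status":200}
{"ts":"2025-09-05T16:06:02Z","user":"prof7","role":"teacher","method":"POST","uri":"/Exportacao-para-o-seb/?x=1","status":403}
{"ts":"2025-09-05T16:07:19Z","user":"sec3","role":"secretary","method":"POST","uri":"/exportacao%2Dpara-o-seb/","status":200}
{"ts":"2025-09-05T16:08:00Z","user":"prof7","role":"teacher","method":"GET","uri":"/intranet/index.php","status":200}
not-json garbage line
"""

def normalize_path(uri):
    """Drop the query string, percent-decode, lowercase, strip trailing '/'.
    Deliberately over-matches so spelling variants of the path are not missed."""
    path = unquote(urlsplit(uri).path).lower()
    return path.rstrip("/") or "/"

def find_unauthorized_exports(log_text, allowed_roles=ALLOWED_ROLES):
    """Return (ts, user, status, outcome) for each POST to the export endpoint
    made by a role outside allowed_roles. outcome is 'served' for a 2xx
    response (access control failed) or 'blocked' for anything else."""
    findings = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the scan
        if not isinstance(rec, dict) or rec.get("method") != "POST":
            continue
        if normalize_path(str(rec.get("uri", ""))) != ENDPOINT:
            continue
        if rec.get("role") in allowed_roles:
            continue
        status = rec.get("status")
        served = isinstance(status, int) and 200 <= status < 300
        findings.append((rec.get("ts"), rec.get("user"), status,
                         "served" if served else "blocked"))
    return findings

if __name__ == "__main__":
    for finding in find_unauthorized_exports(SAMPLE_LOG):
        print(finding)
```

Records marked 'served' indicate the export file was returned to a role that should not have it; 'blocked' records are attempts the access control rejected.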

Added: Sep 5, 2025, 4:18 PM
Updated: Sep 5, 2025, 8:35 PM

Vulnerability Rating

Custom Algorithm

spread: 1.9
impact: 3.1
exploitability: 6.6
remediation: 0.0
relevance: 0.5
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.