Portabilis i-Educar Broken Access Control Vulnerability in the Enturmar Endpoint

Vulnerability

A broken access control vulnerability exists in Portabilis i-Educar versions through 2.10. The issue is located in the '/matricula/[ID_STUDENT]/enturmar/[ID_CLASS]' endpoint, where improper access controls allow users to bypass authorization checks and access restricted functionalities. This vulnerability can be exploited remotely, and a public exploit is available.

Impact

Exploitation of this vulnerability allows unauthorized access to the enturmar functionality, enabling users to sign students from classes without proper permissions. This could lead to unauthorized changes in class enrollments, potentially disrupting academic records and processes.

Reproduction

To reproduce this vulnerability, authenticate as a low-privileged user and send a GET request to the '/matricula/[ID_STUDENT]/enturmar/[ID_CLASS]' endpoint, including the session cookie from that authenticated session. The response will confirm access to the endpoint and the ability to modify class enrollments, which should not be possible for a user with those privileges.

Added: Sep 7, 2025, 11:17 PM
Updated: Sep 7, 2025, 11:17 PM

Vulnerability Rating

Custom Algorithm

spread          1.9
impact          1.3
exploitability  6.6
remediation     7.7
relevance       0.4
threat          6.4
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.