Portabilis i-Educar Broken Access Control Vulnerability in the consulta-dispensas Endpoint

Vulnerability

A broken access control vulnerability has been identified in the Portabilis i-Educar application, affecting versions through 2.10. The issue resides in the consulta-dispensas endpoint, where the application fails to properly validate user permissions. This flaw allows low-privileged users to access functionality intended for users with higher permissions, bypassing authorization checks. The vulnerability can be exploited remotely, and a public exploit is available.

Impact

Exploitation of this vulnerability allows unauthorized access to restricted functionality, potentially leading to unauthorized changes or access to sensitive information. In the context of an educational application, this could result in improper access to student records or administrative functions, undermining the integrity of the educational data and processes.

Reproduction

To reproduce this vulnerability, authenticate as a low-privileged user and send a GET request to the /consulta-dispensas endpoint. The request must include the i_educar_session cookie for the low-privileged user. Instead of being rejected, the response returns the page and its functionality, which should not be available to that user.

Added: Sep 26, 2025, 10:18 PM
Updated: Sep 26, 2025, 10:18 PM

Vulnerability Rating

Custom Algorithm

spread: 1.9
impact: 5.0
exploitability: 6.6
remediation: 0.0
relevance: 0.6
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.