Portabilis i-Educar Privilege Escalation Vulnerability in AccessLevelController.php

Vulnerability

A privilege escalation vulnerability has been identified in Portabilis i-Educar versions through 2.9.10. The issue resides in the User Type Handler component, specifically in the AccessLevelController.php file. Users who lack the privilege to change user types can nevertheless manipulate the permissions of existing user types. By sending arbitrary requests to the relevant endpoint, a low-privileged user can grant maximum permissions to their own user type and thereby escalate their privileges, compromising access control across the application.

Impact

Exploitation of this vulnerability allows for unauthorized modification of user permissions, enabling low-privileged users to gain elevated access rights and control over all areas of the application.

Reproduction

To reproduce this vulnerability, send a request to the user type change endpoint from an account with low privileges, including the desired user type and permissions in the request. Because the endpoint does not verify that the caller holds the privilege required to change user types, that check is effectively bypassed and the permissions can be modified arbitrarily.
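The class of defect described above, as an added illustration in Laravel-style PHP (i-Educar is a Laravel application) that is not i-Educar's own code: a controller action that persists access-level permissions without checking that the caller may change user types, beside a hardened version that authorizes and validates first. The AccessLevel model, the `manage-access-levels` ability (assumed to be defined with Gate::define in the application's AuthServiceProvider), the permission names and the field names are all assumptions.

```php
<?php
// Added illustration, not i-Educar's code. Model, ability and field names are assumed.
namespace App\Http\Controllers;

use App\Models\AccessLevel;            // assumed model holding a user type's permissions
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Gate;

// Defect: any authenticated user who reaches this action can rewrite the
// permissions of any access level, including the one they belong to.
class VulnerableAccessLevelController extends Controller
{
    public function update(Request $request, AccessLevel $accessLevel)
    {
        $accessLevel->permissions = $request->input('permissions', []);
        $accessLevel->save();
        return response()->json(['status' => 'updated']);
    }
}

// Fix: authorize on the server side before touching the record.
class HardenedAccessLevelController extends Controller
{
    public function update(Request $request, AccessLevel $accessLevel)
    {
        // The caller must hold the (assumed) 'manage-access-levels' ability;
        // otherwise Laravel aborts the request with HTTP 403.
        Gate::authorize('manage-access-levels', $accessLevel);

        // Accept only known permission keys, never an arbitrary payload.
        $data = $request->validate([
            'permissions'   => ['required', 'array'],
            'permissions.*' => ['string', 'in:view,create,edit,delete'], // assumed set
        ]);

        $accessLevel->permissions = $data['permissions'];
        $accessLevel->save();

        // Audit record so an unexpected permission change is detectable later.
        logger()->info('access level permissions changed', [
            'actor'        => $request->user()->id,
            'access_level' => $accessLevel->id,
        ]);

        return response()->json(['status' => 'updated']);
    }
}
```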

Added: Oct 9, 2025, 8:18 PM
Updated: Oct 9, 2025, 8:18 PM

Vulnerability Rating (Custom Algorithm)

  Metric          Score
  spread          1.9
  impact          5.0
  exploitability  6.6
  remediation     0.0
  relevance       0.6
  threat          6.4
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.