CVE-2024-45059
- Source
- https://cve.org/CVERecord?id=CVE-2024-45059
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-45059.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-45059
- Aliases
-
- GHSA-2v4w-7xqr-hxmr
- Published
- 2024-08-28T20:17:31.835Z
- Modified
- 2026-04-10T05:16:45.959059Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Authenticated SQL Injection in i-Educar
- Details
-
i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A SQL Injection vulnerability was found prior to the 2.9 branch in the
ieducar/intranet/funcionario_vinculo_det.phpfile, which creates the query by concatenating the unsanitized GET parametercod_func, allowing the attacker to obtain sensitive information such as emails and password hashes. Commit 7824b95745fa2da6476b9901041d9c854bf52ffe fixes the issue. - Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-89" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/45xxx/CVE-2024-45059.json" }- References
-
- https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html
- https://portswigger.net/web-security/sql-injection
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/45xxx/CVE-2024-45059.json
- https://github.com/portabilis/i-educar/security/advisories/GHSA-2v4w-7xqr-hxmr
- https://nvd.nist.gov/vuln/detail/CVE-2024-45059
- https://github.com/portabilis/i-educar/commit/7824b95745fa2da6476b9901041d9c854bf52ffe
Affected packages
Git / github.com/portabilis/i-educar
Affected ranges
- Type
- GIT
- Repo
- https://github.com/portabilis/i-educar
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
2.*
2.0.0
2.0.1
2.0.10
2.0.11
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.8.1
2.0.9
2.1.0
2.1.1
2.1.10
2.1.11
2.1.12
2.1.13
2.1.14
2.1.15
2.1.16
2.1.17
2.1.18
2.1.19
2.1.2
2.1.20
2.1.21
2.1.23-upgrade
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.2.0
2.2.1
2.2.10
2.2.11
2.2.12
2.2.13
2.2.14
2.2.15
2.2.16
2.2.17
2.2.18
2.2.19
2.2.2
2.2.20
2.2.21-upgrade
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.2.9
2.3.0
2.3.1
2.3.10
2.3.2
2.3.3
2.3.4
2.3.5
2.3.6
2.3.7
2.3.8
2.3.9
2.5.0
2.5.1
2.5.2
2.5.3
2.5.4-upgrade
2.6.0
2.6.1
2.6.2
2.6.3
2.6.4
2.6.5
2.6.6
2.6.7
2.6.8
2.7.0
2.7.1
2.7.2
2.7.3
2.8.0
2.8.0-beta