{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-13T11:22:05.051","vulnerabilities":[{"cve":{"id":"CVE-2024-45059","sourceIdentifier":"security-advisories@github.com","published":"2024-08-28T21:15:07.473","lastModified":"2024-09-13T20:09:19.523","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A SQL Injection vulnerability was found prior to the 2.9 branch in the `ieducar/intranet/funcionario_vinculo_det.php` file, which creates the query by concatenating the unsanitized GET parameter `cod_func`, allowing the attacker to obtain sensitive information such as emails and password hashes. Commit 7824b95745fa2da6476b9901041d9c854bf52ffe fixes the issue."},{"lang":"es","value":"i-Educar es un software de gestión escolar gratuito y completamente online que permite a las secretarias, profesores, coordinadores y responsables de área de la escuela crear una consulta SQL a partir de una concatenación de un parámetro GET controlado por el usuario, lo que permite a un atacante manipular la consulta. La explotación exitosa de esta falla permite a un atacante tener acceso completo y sin restricciones a la base de datos, con un usuario web con permisos mínimos. Esto puede implicar la obtención de información del usuario, como correos electrónicos, hashes de contraseñas, etc. Este problema aún no ha sido parcheado. Se recomienda a los usuarios que se pongan en contacto con el desarrollador y que coordinen un cronograma de actualización."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV30":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:portabilis:i-educar:*:*:*:*:*:*:*:*","versionEndIncluding":"2.9","matchCriteriaId":"BAA7BA67-9C1B-461B-90CF-2BB79C838BAF"}]}]}],"references":[{"url":"https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html","source":"security-advisories@github.com","tags":["Technical Description"]},{"url":"https://github.com/portabilis/i-educar/commit/7824b95745fa2da6476b9901041d9c854bf52ffe","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/portabilis/i-educar/security/advisories/GHSA-2v4w-7xqr-hxmr","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://portswigger.net/web-security/sql-injection","source":"security-advisories@github.com","tags":["Technical Description"]}]}}]}