Key Vulnerability Information

Title: Portabilis i-Educar 2.0 2.1 2.2 2.3 2.4 2.5 2.6 2.7 2.8 2.9 2.10 Improper Authorization

Description: A Broken Function Level Authorization (BFLA) vulnerability in the Final Status Import tool allows an authenticated user with 'School' level permissions to modify student records across any school unit by providing enrollment IDs in a CSV file. This bypasses institution-level isolation and allows for mass sabotage of academic data.

Source: https://github.com/ViniCastro2001/Security_Reports/tree/main/i-educar/BFLA-Final-Status-Import

User: vini_castro (UID 94745)

Submission Date: 01/21/2026 09:08 PM

Moderation Date: 02/05/2026 08:32 PM

Status: Accepted

VulDB Entry: 344597 [Portabilis i-Educar up to 2.10 Final Status Import FinalStatusImportService.php school_id improper authorization]

Points: 18