CVE-2026-2015 | Portabilis i-Educar up to 2.10 Final Status Import FinalStatusImportService.php school_id improper authorization

Inserito da Angelo Barbosa | Feb 5, 2026 | CVE

A vulnerability classified as critical was found in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file FinalStatusImportService.php of the component Final Status Import. Executing a manipulation of the argument school_id can lead to improper authorization.

This vulnerability is handled as CVE-2026-2015. The attack can be executed remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-2015 | Portabilis i-Educar up to 2.10 Final Status Import FinalStatusImportService.php school_id improper authorization

Post correlati

CVE-2024-27694 | FlyCMS 1.0 ztree_category_edit cross-site request forgery

CVE-2024-7388 | WP Bannerize Pro Plugin up to 1.9.0 on WordPress cross site scripting

CVE-2024-25354 | domain-suffix 1.0.8 parse redos

CVE-2025-49579 | StarCitizenTools mediawiki-skins-Citizen up to 3.3.0 cross site scripting (GHSA-g3cp-pq72-hjpv)