Lucene search

MitreVULNRICHMENT:CVE-2024-27710

HistoryJul 05, 2024 - 12:00 a.m.

CVE-2024-27710

2024-07-0500:00:00

mitre

github.com

cve-2024-27710

remote attack

authentication mechanism

privilege escalation

AI Score

7.4

Confidence

Low

SSVC

Exploitation

poc

Automatable

yes

Technical Impact

total

JSON

An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the authentication mechanism.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:eskooly:free_online_school_management_software:*:*:*:*:*:*:*:*"
    ],
    "vendor": "eskooly",
    "product": "free_online_school_management_software",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "3.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

blog.be-hacktive.com/eskooly-cve/eskooly-broken-authentication/cve-2024-27710-privilege-escalation-via-authentication-mechanism-in-eskooly-web-product-less-than-v3