Lucene search

MitreVULNRICHMENT:CVE-2024-27711

HistoryJul 05, 2024 - 12:00 a.m.

CVE-2024-27711

2024-07-0500:00:00

mitre

github.com

cve-2024-27711

eskooly

online school management

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

20.0%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the Sin-up process function in the account settings.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:eskooly:free_online_school_management_software:*:*:*:*:*:*:*:*"
    ],
    "vendor": "eskooly",
    "product": "free_online_school_management_software",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "3.0"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

blog.be-hacktive.com/eskooly-cve/eskooly-broken-authentication/cve-2024-27711-user-enumeration-via-sign-up-process-in-eskooly-web-product-less-than-v3.0