Lucene search

MitreVULNRICHMENT:CVE-2024-27712

HistoryJul 05, 2024 - 12:00 a.m.

CVE-2024-27712

2024-07-0500:00:00

mitre

github.com

cve-2024-27712

eskooly

privilege escalation

user account management

authentication mechanism

AI Score

7.4

Confidence

Low

EPSS

0.001

Percentile

39.6%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the User Account Mangemnt component in the authentication mechanism.

References

blog.be-hacktive.com/eskooly-cve/eskooly-broken-authentication/cve-2024-27712-user-enumeration-via-account-settings-in-eskooly-web-product-less-than-v3.0