What the vulnerability does
Description
Missing Authorization vulnerability in Mojoomla School Management allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects School Management: from n/a through 93.2.0.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Explanation of Vulnerability in Simple Terms
The School Management extension for Joomla fails to properly check user permissions before allowing modifications to sensitive data. An attacker with a low-level user account can change information they should not have access to, such as student records or school settings. This affects versions up to 93.2.0. Update to a version newer than 93.2.0 to resolve the issue.
What an attacker can do
Modify student records, school settings, or other protected data without proper authorization.
Potential impact on your site
Unauthorized changes to school data, student records, or configuration by low-privilege users.
Conditions required to exploit
Attacker needs a low-level Joomla user account (e.g., teacher or student login).