CVE-2024-27713

An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the HTTP Response Header Settings component.

Weakness

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

Affected Software

Name	Vendor	Start Version	End Version
Eskooly	Eskooly	*	3.0 (including)

https://cwe.mitre.org/data/definitions/1.html
https://cwe.mitre.org/data/definitions/107.html
https://cwe.mitre.org/data/definitions/127.html
https://cwe.mitre.org/data/definitions/17.html
https://cwe.mitre.org/data/definitions/20.html
https://cwe.mitre.org/data/definitions/22.html
https://cwe.mitre.org/data/definitions/237.html
https://cwe.mitre.org/data/definitions/36.html
https://cwe.mitre.org/data/definitions/477.html
https://cwe.mitre.org/data/definitions/480.html
https://cwe.mitre.org/data/definitions/51.html
https://cwe.mitre.org/data/definitions/57.html
https://cwe.mitre.org/data/definitions/59.html
https://cwe.mitre.org/data/definitions/65.html
https://cwe.mitre.org/data/definitions/668.html
https://cwe.mitre.org/data/definitions/74.html
https://cwe.mitre.org/data/definitions/87.html

References

https://blog.be-hacktive.com/eskooly-cve/cve-2024-27713-protection-mechanism-failure-in-eskooly-web-product-less-than-v3.0
https://blog.be-hacktive.com/eskooly-cve/cve-2024-27713-protection-mechanism-failure-in-eskooly-web-product-less-than-v3.0

NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-27713
CWE	https://cwe.mitre.org/data/definitions/693.html

Protection Mechanism Failure

Weakness

Affected Software

Related Attack Patterns

References