CVE-2024-27711
https://notcve.org/view.php?id=CVE-2024-27711
An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the Sin-up process function in the account settings. • https://blog.be-hacktive.com/eskooly-cve/eskooly-broken-authentication/cve-2024-27711-user-enumeration-via-sign-up-process-in-eskooly-web-product-less-than-v3.0 • CWE-269: Improper Privilege Management •
CVE-2024-27717
https://notcve.org/view.php?id=CVE-2024-27717
Cross Site Request Forgery vulnerability in Eskooly Free Online School Management Software v.3.0 and before allows a remote attacker to escalate privileges via the Token Handling component. • https://blog.be-hacktive.com/eskooly-cve/cve-2024-27717-cross-site-request-forgery-csrf-in-eskooly-web-product-less-than-v3.0 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-27710
https://notcve.org/view.php?id=CVE-2024-27710
An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the authentication mechanism. • https://blog.be-hacktive.com/eskooly-cve/eskooly-broken-authentication/cve-2024-27710-privilege-escalation-via-authentication-mechanism-in-eskooly-web-product-less-than-v3 • CWE-269: Improper Privilege Management •
CVE-2024-27715
https://notcve.org/view.php?id=CVE-2024-27715
An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via a crafted request to the Password Change mechanism. • https://blog.be-hacktive.com/eskooly-cve/cve-2024-27715-inadequate-password-update-verification-in-eskooly-web-product-less-than-v3.0 • CWE-620: Unverified Password Change •
CVE-2024-27712
https://notcve.org/view.php?id=CVE-2024-27712
An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the User Account Mangemnt component in the authentication mechanism. • https://blog.be-hacktive.com/eskooly-cve/eskooly-broken-authentication/cve-2024-27712-user-enumeration-via-account-settings-in-eskooly-web-product-less-than-v3.0 •