PT-2020-7770 · Unknown · Open-School Community Edition

Published: 2020-02-08 · Updated: 2020-02-10 · CVE-2014-9127

CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Open-School Community Edition version 2.2
Description: The issue concerns improper access restriction to the export functionality. Remote authenticated users can obtain sensitive information by exploiting this weakness. Specifically, the "r" parameter with the value "export" in the "index.php" endpoint can be manipulated to gain access to sensitive data.
Recommendations: For Open-School Community Edition version 2.2, consider restricting access to the export functionality to prevent unauthorized users from obtaining sensitive information. As a temporary workaround, restrict access to the "index.php" endpoint with the "r" parameter set to "export" until a proper fix is implemented.
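To check whether the export route has been requested, and whether the workaround is actually blocking it, web server access logs can be triaged as in the following added example (not part of the original advisory or of Open-School's code). It assumes "combined" format access logs and uses constructed sample lines; the function names, the case-insensitive match, and the handling of "/" as a directory index for index.php are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in "combined" access-log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Feb/2020:10:00:01 +0000] "GET /index.php?r=site/login HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Feb/2020:10:00:09 +0000] "GET /index.php?r=export HTTP/1.1" 200 48213 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Feb/2020:10:02:30 +0000] "GET /index.php?lang=en&r=%65xport HTTP/1.1" 200 48213 "-" "curl/7.58.0"
198.51.100.7 - - [10/Feb/2020:10:02:41 +0000] "GET /index.php?r=export HTTP/1.1" 403 199 "-" "curl/7.58.0"
192.0.2.44 - - [10/Feb/2020:10:05:00 +0000] "GET /index.php?r=students/export HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# Captures: client IP, timestamp, method, request target, status code.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def is_export_request(target):
    """True when the request target is index.php with route r=export."""
    parts = urlsplit(target)
    path = parts.path.lower()
    # Assumption: index.php may also be served as the directory index ("/").
    if not (path.endswith("/index.php") or path.endswith("/")):
        return False
    # parse_qs percent-decodes values, so r=%65xport is normalised to "export".
    routes = parse_qs(parts.query, keep_blank_values=True).get("r", [])
    return any(v.strip("/").lower() == "export" for v in routes)


def find_export_hits(log_text):
    """Return one record per export request, noting whether it was served."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, method, target, status = m.groups()
        if is_export_request(target):
            hits.append({"ip": ip, "time": ts, "method": method,
                         "status": int(status), "served": status.startswith("2")})
    return hits


if __name__ == "__main__":
    for hit in find_export_hits(SAMPLE_LOG):
        print(hit)
```

A hit with `served` set to true after the workaround is deployed means the restriction is not covering that request form; the access log shows only the client address, so mapping a hit to an application account requires the application's own session records.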

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2014-9127

Affected Products

Open-School Community Edition