303 matches found
i-Educar SQL注入漏洞
i-Educar is a free educational software from Portábilis Open Source. A SQL injection vulnerability exists in i-Educar 2.10 and earlier versions, which stems from incorrect manipulation of parameters in the file /module/Cadastro/aluno, and could lead to a SQL injection attack...
CVE-2025-10666 D-Link DIR-825 apply.cgi sub_4106d4 buffer overflow
A security flaw has been discovered in D-Link DIR-825 up to 2.10. Affected by this vulnerability is the function sub4106d4 of the file apply.cgi. The manipulation of the argument countdowntime results in buffer overflow. The attack can be executed remotely. The exploit has been released to the...
PT-2025-38140
Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions up to 2.10 Description: A weakness exists in Portabilis i-Educar up to version 2.10. The issue is related to the manipulation of the abreviatura/tipoacao argument in the /intranet/educar funcao cad.php file within...
CVE-2025-56252
CVE-2025-56252 is a documented XSS in ServitiumCRM 2.10, exploitable via a crafted URL to the mobile parameter, potentially allowing arbitrary code execution. The issue is publicly described across multiple feeds; remediation guidance (e.g., PT-2025-37706) recommends sanitizing/encoding the mobil...
PT-2025-37392
Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions up to 2.10 Description: A security issue has been identified in Portabilis i-Educar. Manipulation of the nm tipo argument in an unknown function within the /intranet/educar turma tipo cad.php file can lead to...
CVE-2025-10071
A vulnerability has been found in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /cancelar-enturmacao-em-lote/. Such manipulation leads to improper access controls. The attack may be performed from remote. The exploit has been disclosed to the public and may b...
PT-2025-36418
Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions up to 2.10 Description: A vulnerability exists in Portabilis i-Educar that allows for improper access controls. This issue affects unknown code within the /cancelar-enturmacao-em-lote/ API endpoint and can be...
CVE-2025-58852 WordPress MSTW League Manager Plugin <= 2.10 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery CSRF vulnerability in Mark O'Donnell MSTW League Manager mstw-league-manager allows Stored XSS.This issue affects MSTW League Manager: from n/a through = 2.10...
PT-2025-36225
Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions up to 2.10 Description: A weakness exists in Portabilis i-Educar up to version 2.10. The issue is related to SQL injection stemming from manipulation of the ID argument within an unknown function of the...
CVE-2025-9760 Portabilis i-Educar Matricula API matricula improper authorization
A weakness has been identified in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/Api/matricula of the component Matricula API. Executing manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been made...
CVE-2025-9760
CVE-2025-9760 affects Portabilis i-Educar up to version 2.10, specifically the Matricula API component (notably the /module/Api/matricula path; some sources also reference /module/Api/aluno). The root cause is improper authorization due to manipulation of the Matricula API, enabling a remote atta...
PT-2025-35447
Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions up to 2.10 Description: A weakness exists in the Matricula API component of Portabilis i-Educar. The issue affects an unknown part of the file /module/Api/aluno. Manipulation of this component can lead to improper...
CVE-2025-9738
A flaw has been found in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/educartipoensinocad.php. Executing manipulation of the argument nmtipo can lead to cross site scripting. The attack can be executed remotely. The exploit has...
CVE-2025-9724
CVE-2025-9724 affects Portabilis i-Educar up to version 2.10. The vulnerability lies in /intranet/educar_nivel_ensino_cad.php (specifically the nm_nivel/descricao arguments), where manipulation can trigger cross-site scripting. Exploitation can be performed remotely, and public disclosures of the...
CVE-2025-9721 Portabilis i-Educar edit cross site scripting
A flaw has been found in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /module/FormulaMedia/edit. This manipulation of the argument nome/formulaMedia causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publish...
CVE-2025-9720 Portabilis i-Educar Cadastrar tabela de arredondamento edit cross site scripting
A vulnerability was detected in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/TabelaArredondamento/edit of the component Cadastrar tabela de arredondamento Page. The manipulation of the argument Nome results in cross site scripting. The attack may be performe...
CVE-2025-9606
A vulnerability was detected in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/agendapreferencias.php. Performing manipulation of the argument codagenda results in sql injection. The attack may be initiated remotely. The exploit is...
PT-2025-35394
Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions up to 2.10 Description: A cross-site scripting issue exists in Portabilis i-Educar. The issue is related to the manipulation of the Nome argument within an unknown function of the /module/TabelaArredondamento/edit...
Portábilis i-Educar 安全漏洞
Portábilis i-Educar is an application from Portábilis. It can easily help you in basic and technical education. A security vulnerability exists in Portábilis i-Educar version 2.10 and earlier, which stems from cross-site scripting due to incorrect manipulation of the parameter nmtipodescricao in...
Portábilis i-Educar 安全漏洞
Portábilis i-Educar is an application from Portábilis. It can easily help you in basic and technical education. A security vulnerability exists in Portábilis i-Educar version 2.10 and earlier, which stems from cross-site scripting due to incorrect manipulation of the parameter Nome in the file...