Lucene search
K

794 matches found

NVD
NVD
added 2025/11/19 4:15 p.m.5 views

CVE-2025-65022

i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agenda.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against the...

7.2CVSS0.0028EPSS
Exploits0References2
OSV
OSV
added 2025/11/19 4:2 p.m.5 views

CVE-2025-65022 i-Educar Authenticated Time-based SQL Injection in `agenda.php`

i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agenda.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against the...

7.2CVSS8.3AI score0.0028EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/11/19 4:2 p.m.3 views

CVE-2025-65022 i-Educar Authenticated Time-based SQL Injection in `agenda.php`

i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agenda.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against the...

7.2CVSS8AI score0.0028EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/19 4:2 p.m.10 views

CVE-2025-65022 i-Educar Authenticated Time-based SQL Injection in `agenda.php`

i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agenda.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against the...

7.2CVSS0.0028EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/19 4:2 p.m.9 views

CVE-2025-65023 i-Educar Authenticated Time-based SQL Injection in `funcionario_vinculo_cad.php`

i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/funcionariovinculocad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands...

7.2CVSS7.9AI score0.00361EPSS
Exploits1References2
OSV
OSV
added 2025/11/19 4:2 p.m.6 views

CVE-2025-65023 i-Educar Authenticated Time-based SQL Injection in `funcionario_vinculo_cad.php`

i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/funcionariovinculocad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands...

7.2CVSS8.3AI score0.00361EPSS
Exploits1References4
CVE
CVE
added 2025/11/19 4:2 p.m.12 views

CVE-2025-65023

The CVE concerns i-Educar (versions 2.10.0 and earlier). An authenticated, time-based SQL injection exists in the ieducar/intranet/funcionario_vinculo_cad.php script, introduced by directly concatenating the GET parameter cod_funcionario_vinculo into an SQL query without sanitization. An attacker...

7.2CVSS7.9AI score0.00361EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/19 4:2 p.m.5 views

CVE-2025-65024 i-Educar Authenticated Time-based SQL Injection in `agenda_admin_cad.php`

i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agendaadmincad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against...

7.2CVSS7.9AI score0.00361EPSS
Exploits1References2
EUVD
EUVD
added 2025/11/19 4:2 p.m.5 views

EUVD-2025-198226

i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agendaadmincad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against...

7.2CVSS7.7AI score0.00361EPSS
Exploits1References2
OSV
OSV
added 2025/11/19 4:2 p.m.5 views

CVE-2025-65024 i-Educar Authenticated Time-based SQL Injection in `agenda_admin_cad.php`

i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agendaadmincad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against...

7.2CVSS8.3AI score0.00361EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/11/19 12:0 a.m.4 views

i-Educar SQL注入漏洞

i-Educar is a free educational software from Portábilis open source. A SQL injection vulnerability exists in i-Educar version 2.10.0 and earlier, which stems from improper handling of the codagenda parameter and could lead to a SQL injection attack...

7.2CVSS7.6AI score0.0028EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/11/19 12:0 a.m.7 views

i-Educar SQL注入漏洞

i-Educar is a free educational software from Portábilis open source. A SQL injection vulnerability exists in i-Educar version 2.10.0 and earlier, which stems from improper handling of the codagenda parameter and could lead to a SQL injection attack...

7.2CVSS7.6AI score0.00361EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/11/19 12:0 a.m.3 views

i-Educar 安全漏洞

i-Educar is a free educational software from Portábilis Open Source. A security vulnerability exists in i-Educar version 2.10.0 and earlier, which stems from improper handling of the codfuncionariovinculo parameter and can lead to SQL injection attacks...

7.2CVSS7.6AI score0.00361EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/11/19 12:0 a.m.3 views

PT-2025-47474

Name of the Vulnerable Software and Affected Versions i-Educar versions prior to 2.10.0 Description i-Educar is school management software. A time-based SQL injection exists in the ieducar/intranet/funcionario vinculo cad.php script for authenticated users. An attacker with an authenticated sessi...

7.2CVSS7.8AI score0.00361EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/13 9:31 p.m.6 views

EUVD-2025-26289

A flaw has been found in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /module/FormulaMedia/edit. This manipulation of the argument nome/formulaMedia causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publish...

5.4CVSS3.5AI score0.00217EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/13 9:31 p.m.4 views

EUVD-2025-26288

A vulnerability has been found in Portabilis i-Educar up to 2.10. The impacted element is an unknown function of the file /intranet/educartipoocorrenciadisciplinarcad.php. Such manipulation of the argument nmtipo/descricao leads to cross site scripting. It is possible to launch the attack remotel...

5.4CVSS3.5AI score0.00217EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/13 9:31 p.m.6 views

EUVD-2025-26287

A vulnerability was detected in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/TabelaArredondamento/edit of the component Cadastrar tabela de arredondamento Page. The manipulation of the argument Nome results in cross site scripting. The attack may be performe...

5.4CVSS3.5AI score0.00217EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/09 9:31 p.m.4 views

EUVD-2025-33561

A security vulnerability has been detected in Portabilis i-Educar up to 2.9.10. Affected by this issue is some unknown functionality of the file app/Http/Controllers/AccessLevelController.php of the component User Type Handler. The manipulation leads to insecure inherited permissions. The attack...

6.5CVSS6.3AI score0.00351EPSS
Exploits1References5
OSV
OSV
added 2025/10/09 8:15 p.m.3 views

CVE-2025-11554

A security vulnerability has been detected in Portabilis i-Educar up to 2.9.10. Affected by this issue is some unknown functionality of the file app/Http/Controllers/AccessLevelController.php of the component User Type Handler. The manipulation leads to insecure inherited permissions. The attack...

8.8CVSS5.3AI score0.00351EPSS
Exploits1References4
NVD
NVD
added 2025/10/09 8:15 p.m.4 views

CVE-2025-11554

A security vulnerability has been detected in Portabilis i-Educar up to 2.9.10. Affected by this issue is some unknown functionality of the file app/Http/Controllers/AccessLevelController.php of the component User Type Handler. The manipulation leads to insecure inherited permissions. The attack...

8.8CVSS0.00351EPSS
Exploits1References4
Rows per page
Query Builder