794 matches found
CVE-2025-65022
i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agenda.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against the...
CVE-2025-65022 i-Educar Authenticated Time-based SQL Injection in `agenda.php`
i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agenda.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against the...
CVE-2025-65022 i-Educar Authenticated Time-based SQL Injection in `agenda.php`
i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agenda.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against the...
CVE-2025-65022 i-Educar Authenticated Time-based SQL Injection in `agenda.php`
i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agenda.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against the...
CVE-2025-65023 i-Educar Authenticated Time-based SQL Injection in `funcionario_vinculo_cad.php`
i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/funcionariovinculocad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands...
CVE-2025-65023 i-Educar Authenticated Time-based SQL Injection in `funcionario_vinculo_cad.php`
i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/funcionariovinculocad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands...
CVE-2025-65023
The CVE concerns i-Educar (versions 2.10.0 and earlier). An authenticated, time-based SQL injection exists in the ieducar/intranet/funcionario_vinculo_cad.php script, introduced by directly concatenating the GET parameter cod_funcionario_vinculo into an SQL query without sanitization. An attacker...
CVE-2025-65024 i-Educar Authenticated Time-based SQL Injection in `agenda_admin_cad.php`
i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agendaadmincad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against...
EUVD-2025-198226
i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agendaadmincad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against...
CVE-2025-65024 i-Educar Authenticated Time-based SQL Injection in `agenda_admin_cad.php`
i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agendaadmincad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against...
i-Educar SQL注入漏洞
i-Educar is a free educational software from Portábilis open source. A SQL injection vulnerability exists in i-Educar version 2.10.0 and earlier, which stems from improper handling of the codagenda parameter and could lead to a SQL injection attack...
i-Educar SQL注入漏洞
i-Educar is a free educational software from Portábilis open source. A SQL injection vulnerability exists in i-Educar version 2.10.0 and earlier, which stems from improper handling of the codagenda parameter and could lead to a SQL injection attack...
i-Educar 安全漏洞
i-Educar is a free educational software from Portábilis Open Source. A security vulnerability exists in i-Educar version 2.10.0 and earlier, which stems from improper handling of the codfuncionariovinculo parameter and can lead to SQL injection attacks...
PT-2025-47474
Name of the Vulnerable Software and Affected Versions i-Educar versions prior to 2.10.0 Description i-Educar is school management software. A time-based SQL injection exists in the ieducar/intranet/funcionario vinculo cad.php script for authenticated users. An attacker with an authenticated sessi...
EUVD-2025-26289
A flaw has been found in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /module/FormulaMedia/edit. This manipulation of the argument nome/formulaMedia causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publish...
EUVD-2025-26288
A vulnerability has been found in Portabilis i-Educar up to 2.10. The impacted element is an unknown function of the file /intranet/educartipoocorrenciadisciplinarcad.php. Such manipulation of the argument nmtipo/descricao leads to cross site scripting. It is possible to launch the attack remotel...
EUVD-2025-26287
A vulnerability was detected in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/TabelaArredondamento/edit of the component Cadastrar tabela de arredondamento Page. The manipulation of the argument Nome results in cross site scripting. The attack may be performe...
EUVD-2025-33561
A security vulnerability has been detected in Portabilis i-Educar up to 2.9.10. Affected by this issue is some unknown functionality of the file app/Http/Controllers/AccessLevelController.php of the component User Type Handler. The manipulation leads to insecure inherited permissions. The attack...
CVE-2025-11554
A security vulnerability has been detected in Portabilis i-Educar up to 2.9.10. Affected by this issue is some unknown functionality of the file app/Http/Controllers/AccessLevelController.php of the component User Type Handler. The manipulation leads to insecure inherited permissions. The attack...
CVE-2025-11554
A security vulnerability has been detected in Portabilis i-Educar up to 2.9.10. Affected by this issue is some unknown functionality of the file app/Http/Controllers/AccessLevelController.php of the component User Type Handler. The manipulation leads to insecure inherited permissions. The attack...