4 matches found
CVE-2025-65024
i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agendaadmincad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against...
CVE-2025-65024 i-Educar Authenticated Time-based SQL Injection in `agenda_admin_cad.php`
i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agendaadmincad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against...
CVE-2025-65024
CVE-2025-65024 affects i-Educar up to version 2.10.0. An authenticated time-based SQL injection exists in ieducar/intranet/agenda_admin_cad.php where the cod_agenda GET parameter is directly concatenated into an SQL query. This allows an authenticated user to execute arbitrary SQL against the dat...
EUVD-2025-198226
i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agendaadmincad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against...