CVE-2025-65022

i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agenda.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against the...

CVE-2025-65022

i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agenda.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against the...

CVE-2025-65022

CVE-2025-65022 describes an authenticated time-based SQL injection in i-Educar up to version 2.10.0, in the intranet/agenda.php script. The issue arises from the cod_agenda parameter being directly concatenated into SQL queries without sanitization, allowing an authenticated user to execute arbit...

CVE-2025-7867 Portabilis i-Educar Agenda agenda.php cross site scripting

A vulnerability has been found in Portabilis i-Educar 2.9.0/2.10.0. This vulnerability affects unknown code of the file /intranet/agenda.php of the component Agenda Module. The manipulation of the argument novotitulo/novodescricao leads to cross site scripting. It is possible to initiate the atta...

conferenciapermanente.org.br XSS vulnerability

Open Bug Bounty ID: OBB-537332 Description| Value ---|--- Affected Website:| conferenciapermanente.org.br Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

CVE-2013-5983

Multiple cross-site scripting XSS vulnerabilities in GuppY before 4.6.28 allow remote attackers to inject arbitrary web script or HTML via the 1 "an" parameter to agenda.php or 2 cat parameter to mobile/thread.php...