CVE-2025-41009
CVE-2025-41009 is a SQL injection in the DRED virtual campus platform (Diseño de Recursos Educativos). The vulnerability arises via a POST request to /catalogo_c/catalogo.php using the buscame parameter, allowing an attacker to retrieve, create, update, and delete data in the database. Multiple s...