18 matches found
CVE-2025-65024
i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agendaadmincad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against...
CVE-2025-65022
i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agenda.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against the...
CVE-2025-65024
i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agendaadmincad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against...
CVE-2025-65022 i-Educar Authenticated Time-based SQL Injection in `agenda.php`
i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agenda.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against the...
CVE-2025-65022 i-Educar Authenticated Time-based SQL Injection in `agenda.php`
i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agenda.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against the...
CVE-2025-65024
CVE-2025-65024 affects i-Educar up to version 2.10.0. An authenticated time-based SQL injection exists in ieducar/intranet/agenda_admin_cad.php where the cod_agenda GET parameter is directly concatenated into an SQL query. This allows an authenticated user to execute arbitrary SQL against the dat...
CVE-2025-65024 i-Educar Authenticated Time-based SQL Injection in `agenda_admin_cad.php`
i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agendaadmincad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against...
CVE-2025-65024 i-Educar Authenticated Time-based SQL Injection in `agenda_admin_cad.php`
i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agendaadmincad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against...
i-Educar SQL注入漏洞
i-Educar is a free educational software from Portábilis open source. A SQL injection vulnerability exists in i-Educar version 2.10.0 and earlier, which stems from improper handling of the codagenda parameter and could lead to a SQL injection attack...
i-Educar SQL注入漏洞
i-Educar is a free educational software from Portábilis open source. A SQL injection vulnerability exists in i-Educar version 2.10.0 and earlier, which stems from improper handling of the codagenda parameter and could lead to a SQL injection attack...
EUVD-2025-26163
Malicious code in bioql PyPI...
EUVD-2025-25886
Malicious code in bioql PyPI...
CVE-2025-9606 Portabilis i-Educar agenda_preferencias.php sql injection
A vulnerability was detected in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/agendapreferencias.php. Performing manipulation of the argument codagenda results in sql injection. The attack may be initiated remotely. The exploit is...
CVE-2025-9531
A vulnerability was detected in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /intranet/agenda.php of the component Agenda Module. Performing manipulation of the argument codagenda results in sql injection. It is possible to initiate the attack remotely. The exploit...
CVE-2025-9531 Portabilis i-Educar Agenda agenda.php sql injection
A vulnerability was detected in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /intranet/agenda.php of the component Agenda Module. Performing manipulation of the argument codagenda results in sql injection. It is possible to initiate the attack remotely. The exploit...
Portábilis i-Educar 安全漏洞
Portábilis i-Educar is an application from Portábilis. It can easily help you in basic and technical education. A security vulnerability exists in Portábilis i-Educar version 2.10 and earlier, which stems from SQL injection due to incorrect manipulation of the parameter codagenda in the file...
PT-2025-34866 · Portabilis · Portabilis I-Educar
Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions up to 2.10 Description: A SQL injection issue exists in the Agenda Module of Portabilis i-Educar. The issue is located in the /intranet/agenda.php file, affecting an unknown function. Manipulation of the cod agend...
Portábilis i-Educar Cross-Site Scripting Vulnerability
Portábilis i-Educar is an application from Portábilis. It can easily help you with basic and technical education. A cross-site scripting vulnerability exists in Portábilis i-Educar version 2.7.5, which originates from the presence of an unknown function in the file intranetagendaimprimir.php in t...