Lucene search
K

4 matches found

Cvelist
Cvelist
added 2025/11/19 4:2 p.m.13 views

CVE-2025-65023 i-Educar Authenticated Time-based SQL Injection in `funcionario_vinculo_cad.php`

i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/funcionariovinculocad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands...

7.2CVSS0.00353EPSS
Exploits1References2
EUVD
EUVD
added 2025/11/19 4:2 p.m.3 views

EUVD-2025-198233

i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/funcionariovinculocad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands...

7.2CVSS7.7AI score0.00353EPSS
Exploits1References2
CVE
CVE
added 2025/11/19 4:2 p.m.12 views

CVE-2025-65023

The CVE concerns i-Educar (versions 2.10.0 and earlier). An authenticated, time-based SQL injection exists in the ieducar/intranet/funcionario_vinculo_cad.php script, introduced by directly concatenating the GET parameter cod_funcionario_vinculo into an SQL query without sanitization. An attacker...

7.2CVSS7.9AI score0.00353EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2025/11/19 12:0 a.m.3 views

i-Educar 安全漏洞

i-Educar is a free educational software from Portábilis Open Source. A security vulnerability exists in i-Educar version 2.10.0 and earlier, which stems from improper handling of the codfuncionariovinculo parameter and can lead to SQL injection attacks...

7.2CVSS7.6AI score0.00353EPSS
Exploits1References2
Rows per page
Query Builder