794 matches found
CVE-2026-2015 Portabilis i-Educar Final Status Import FinalStatusImportService.php improper authorization
A weakness has been identified in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file FinalStatusImportService.php of the component Final Status Import. Executing a manipulation of the argument schoolid can lead to improper authorization. The attack can be executed remotel...
CVE-2026-2015
A weakness has been identified in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file FinalStatusImportService.php of the component Final Status Import. Executing a manipulation of the argument schoolid can lead to improper authorization. The attack can be executed remotel...
CVE-2026-2015
CVE-2026-2015 affects Portabilis i-Educar up to version 2.10, in the Final Status Import component. The issue is an improper authorization vulnerability exploitable by manipulating the school_id argument inside FinalStatusImportService.php, with remote execution implied. Public PoC/exploit is ava...
Portábilis i-Educar 授权问题漏洞
Portábilis i-Educar is an application developed by Portábilis Corporation. It can conveniently assist you with basic education and technical training. Versions of Portábilis i-Educar 2.10 and earlier contained a licensing vulnerability. This vulnerability stemmed from incorrect handling of the...
PT-2026-6716
Name of the Vulnerable Software and Affected Versions Portabilis i-Educar versions up to 2.10 Description A weakness exists in Portabilis i-Educar up to version 2.10, specifically within the Final Status Import component. The issue involves improper authorization that can be triggered by...
i-Educar 代码注入漏洞
i-Educar is a free educational software developed by Portábilis. Versions of i-Educar 2.10 and earlier had a code injection vulnerability. This vulnerability stemmed from incorrect handling of the File parameter in the user data page file/intranet/meusdadod.php, which could lead to cross-site...
PT-2026-6782
Name of the Vulnerable Software and Affected Versions Portabilis i-Educar versions up to 2.10 Description A security issue exists in Portabilis i-Educar. This issue involves the manipulation of the File argument within the /intranet/meusdadod.php file, specifically related to the User Data Page...
CVE-2025-9638
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Portabilis i-Educar allows Stored Cross-Site Scripting XSS via the matriculainterna parameter in the educarusuariocad.php endpoint. This issue affects i-Educar: 2.10.0...
EUVD-2025-202286
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Portabilis i-Educar allows Stored Cross-Site Scripting XSS via the matriculainterna parameter in the educarusuariocad.php endpoint. This issue affects i-Educar: 2.10.0...
CVE-2025-9638
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Portabilis i-Educar allows Stored Cross-Site Scripting XSS via the matriculainterna parameter in the educarusuariocad.php endpoint. This issue affects i-Educar: 2.10.0...
CVE-2025-9638 i-Educar 2.10.0 - Stored Cross-Site Scripting (XSS) in admin panel
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Portabilis i-Educar allows Stored Cross-Site Scripting XSS via the matriculainterna parameter in the educarusuariocad.php endpoint. This issue affects i-Educar: 2.10.0...
CVE-2025-9638 i-Educar 2.10.0 - Stored Cross-Site Scripting (XSS) in admin panel
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Portabilis i-Educar allows Stored Cross-Site Scripting XSS via the matriculainterna parameter in the educarusuariocad.php endpoint. This issue affects i-Educar: 2.10.0...
CVE-2025-9638
Portabilis i-Educar 2.10.0 is affected by CVE-2025-9638. The issue is an Improper Neutralization of Input During Web Page Generation, allowing Stored Cross-Site Scripting via the matricula_interna parameter in educar_usuario_cad.php. No exploitation details are provided in the supplied documents....
CVE-2025-9638 i-Educar 2.10.0 - Stored Cross-Site Scripting (XSS) in admin panel
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Portabilis i-Educar allows Stored Cross-Site Scripting XSS via the matriculainterna parameter in the educarusuariocad.php endpoint. This issue affects i-Educar: 2.10.0...
i-Educar 安全漏洞
i-Educar is a free educational software from Portábilis Open Source. A security vulnerability exists in i-Educar version 2.10.0, which stems from an improperly entered neutralization of the matriculainterna parameter in the educarusuariocad.php endpoint, which could lead to a stored cross-site...
PT-2025-50091
Name of the Vulnerable Software and Affected Versions Portabilis i-Educar version 2.10.0 Description The software contains an Improper Neutralization of Input During Web Page Generation issue, leading to Stored Cross-Site Scripting XSS. The issue occurs via the matricula interna parameter in the...
CVE-2025-65022
i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agenda.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against the...
CVE-2025-65024
i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agendaadmincad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against...
CVE-2025-65024
i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agendaadmincad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against...
CVE-2025-65023
i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/funcionariovinculocad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands...