9 matches found
CVE-2025-65023 i-Educar Authenticated Time-based SQL Injection in `funcionario_vinculo_cad.php`
i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/funcionariovinculocad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands...
CVE-2025-65023 i-Educar Authenticated Time-based SQL Injection in `funcionario_vinculo_cad.php`
i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/funcionariovinculocad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands...
CVE-2025-65023 i-Educar Authenticated Time-based SQL Injection in `funcionario_vinculo_cad.php`
i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/funcionariovinculocad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands...
EUVD-2025-198233
i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/funcionariovinculocad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands...
CVE-2025-65023
The CVE concerns i-Educar (versions 2.10.0 and earlier). An authenticated, time-based SQL injection exists in the ieducar/intranet/funcionario_vinculo_cad.php script, introduced by directly concatenating the GET parameter cod_funcionario_vinculo into an SQL query without sanitization. An attacker...
i-Educar 安全漏洞
i-Educar is a free educational software from Portábilis Open Source. A security vulnerability exists in i-Educar version 2.10.0 and earlier, which stems from improper handling of the codfuncionariovinculo parameter and can lead to SQL injection attacks...
CVE-2025-8784
A vulnerability classified as problematic was found in Portabilis i-Educar up to 2.9. This vulnerability affects unknown code of the file /intranet/funcionariovinculocad.php of the component Cadastrar Vínculo Page. The manipulation of the argument nome leads to cross site scripting. The attack ca...
CVE-2025-8784 Portabilis i-Educar Cadastrar Vínculo funcionario_vinculo_cad.php cross site scripting
A vulnerability classified as problematic was found in Portabilis i-Educar up to 2.9. This vulnerability affects unknown code of the file /intranet/funcionariovinculocad.php of the component Cadastrar Vínculo Page. The manipulation of the argument nome leads to cross site scripting. The attack ca...
PT-2024-31410 · I-Educar · I-Educar
Name of the Vulnerable Software and Affected Versions: i-Educar versions prior to 2.9 Description: A SQL Injection vulnerability was found in the ieducar/intranet/funcionario vinculo det.php file, which creates the query by concatenating the unsanitized GET parameter cod func, allowing the attack...