Описание
A vulnerability was determined in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /module/ComponenteCurricular/edit. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
A vulnerability was determined in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /module/ComponenteCurricular/edit. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-10846
- https://github.com/KarinaGante/KG-Sec/blob/main/CVEs/i-Educar/27.md
- https://github.com/KarinaGante/KG-Sec/blob/main/CVEs/i-Educar/27.md#poc
- https://karinagante.github.io/cve-2025-10846
- https://karinagante.github.io/cve-2025-10846/#proof-of-concept-poc
- https://vuldb.com/?ctiid.325208
- https://vuldb.com/?id.325208
- https://vuldb.com/?submit.657691
Связанные уязвимости
A vulnerability was determined in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /module/ComponenteCurricular/edit. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.