Описание
A vulnerability was found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/ComponenteCurricular/view. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.
A vulnerability was found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/ComponenteCurricular/view. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-10845
- https://github.com/KarinaGante/KG-Sec/blob/main/CVEs/i-Educar/26.md
- https://github.com/KarinaGante/KG-Sec/blob/main/CVEs/i-Educar/26.md#poc
- https://karinagante.github.io/cve-2025-10845
- https://karinagante.github.io/cve-2025-10845/#proof-of-concept-poc
- https://vuldb.com/?ctiid.325207
- https://vuldb.com/?id.325207
- https://vuldb.com/?submit.657688
Связанные уязвимости
A vulnerability was found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/ComponenteCurricular/view. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.