CVE-2025-10011

Опубликовано: 05 сент. 2025

Источник: nvd

CVSS3: 6.3

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

A weakness has been identified in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /module/TabelaArredondamento/edit. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.

Ссылки

https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-10011.md
Exploit
Third Party Advisory
https://github.com/marcelomulder/CVE/blob/main/i-educar/SQL%20Injection%20(Blind%20Time-Based)%20Vulnerability%20in%20%60id%60%20Parameter%20on%20%60.module.TabelaArredondamento.edit%60%20Endpoint.md
Broken Link
https://vuldb.com/?ctiid.322736
Permissions Required
VDB Entry
https://vuldb.com/?id.322736
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.643544
Third Party Advisory
VDB Entry
https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-10011.md
Exploit
Third Party Advisory
https://github.com/marcelomulder/CVE/blob/main/i-educar/SQL%20Injection%20(Blind%20Time-Based)%20Vulnerability%20in%20%60id%60%20Parameter%20on%20%60.module.TabelaArredondamento.edit%60%20Endpoint.md
Broken Link
https://vuldb.com/?submit.643544
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:portabilis:i-educar:*:*:*:*:*:*:*:*

Версия до 2.10.0 (включая)

EPSS

Процентиль: 5%

0.00023

Низкий

6.3 Medium

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-74

Связанные уязвимости

GHSA-4v95-63wh-6gqh

CVSS3: 6.3

github

5 месяцев назад

EPSS

Процентиль: 5%

0.00023

Низкий

6.3 Medium

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-74