CVE-2025-9607

Опубликовано: 29 авг. 2025

Источник: nvd

CVSS3: 6.3

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

A flaw has been found in Portabilis i-Educar up to 2.10. Affected by this issue is some unknown functionality of the file /module/TabelaArredondamento/view of the component Tabelas de Arredondamento Page. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used.

Ссылки

https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-9607.md
Exploit
Third Party Advisory
https://github.com/marcelomulder/CVE/blob/main/i-educar/SQL%20Injection%20(Blind%20Time-Based)%20Vulnerability%20in%20%60id%60%20Parameter%20on%20%60.module.TabelaArredondamento.view%60%20Endpoint.md#poc
Broken Link
https://vuldb.com/?ctiid.321785
Permissions Required
VDB Entry
https://vuldb.com/?id.321785
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.636578
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:portabilis:i-educar:*:*:*:*:*:*:*:*

Версия до 2.10.0 (включая)

EPSS

Процентиль: 9%

0.00032

Низкий

6.3 Medium

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-74

Связанные уязвимости

GHSA-4hph-6pvw-mjwp

CVSS3: 6.3

github

5 месяцев назад

EPSS

Процентиль: 9%

0.00032

Низкий

6.3 Medium

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-74