CVE-2025-9684

Опубликовано: 30 авг. 2025

Источник: nvd

CVSS3: 6.3

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

A vulnerability was determined in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/FormulaMedia/edit of the component Formula de Cálculo de Média Page. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

Ссылки

https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-9684.md
Exploit
Third Party Advisory
https://github.com/marcelomulder/CVE/blob/main/i-educar/SQL%20Injection%20(Blind%20Time-Based)%20Vulnerability%20in%20%60id%60%20Parameter%20on%20%60.module.FormulaMedia.edit%60%20Endpoint.md
Broken Link
https://vuldb.com/?ctiid.321896
Permissions Required
VDB Entry
https://vuldb.com/?id.321896
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.638574
Third Party Advisory
VDB Entry
https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-9684.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:portabilis:i-educar:*:*:*:*:*:*:*:*

Версия до 2.10 (включая)

EPSS

Процентиль: 5%

0.00023

Низкий

6.3 Medium

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-74

Связанные уязвимости

GHSA-9cr3-j8m7-4rwr

CVSS3: 6.3

github

5 месяцев назад

EPSS

Процентиль: 5%

0.00023

Низкий

6.3 Medium

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-74