CVE-2025-9686

Опубликовано: 30 авг. 2025

Источник: nvd

CVSS3: 6.3

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

A security flaw has been discovered in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /module/AreaConhecimento/edit of the component Listagem de áreas de conhecimento Page. Performing manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited.

Ссылки

https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-9686.md
Exploit
Third Party Advisory
https://github.com/marcelomulder/CVE/blob/main/i-educar/SQL%20Injection%20(Blind%20Time-Based)%20Vulnerability%20in%20%60id%60%20Parameter%20on%20%60.module.AreaConhecimento.edit%60%20Endpoint.md
Broken Link
https://vuldb.com/?ctiid.321898
Permissions Required
VDB Entry
https://vuldb.com/?id.321898
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.638577
Third Party Advisory
VDB Entry
https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-9686.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:portabilis:i-educar:*:*:*:*:*:*:*:*

Версия до 2.10 (включая)

EPSS

Процентиль: 5%

0.00023

Низкий

6.3 Medium

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-74

Связанные уязвимости

GHSA-h7xg-2jc7-p8p4

CVSS3: 6.3

github

5 месяцев назад

EPSS

Процентиль: 5%

0.00023

Низкий

6.3 Medium

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-74