Portabilis i-Diario Tipos de usàrio educar_tipo_usuario_lst.php sql injection_CVE-2025-9236

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability has been found in Portabilis i-Diario up to 2.10. This affects an unknown function of the file /intranet/educar_tipo_usuario_lst.php of the component Tipos de usàrio Page. Such manipulation of the argument nm_tipo leads to sql injection. The attack may be performed from a remote location. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-9236

Source VulDB

Published Aug 20, 2025 at 17:32

Affected Product

Vendor Portabilis

Product i-Diario

Version 2.0

Affected Versions Portabilis i-Diario 2.0
Portabilis i-Diario 2.1
Portabilis i-Diario 2.2
Portabilis i-Diario 2.3
Portabilis i-Diario 2.4
Portabilis i-Diario 2.5
Portabilis i-Diario 2.6
Portabilis i-Diario 2.7
Portabilis i-Diario 2.8
Portabilis i-Diario 2.9
Portabilis i-Diario 2.10

CWE Classification

CWE-89 CWE-74

References

{
    "lastseen": "",
    "description": "A vulnerability has been found in Portabilis i-Diario up to 2.10. This affects an unknown function of the file /intranet/educar_tipo_usuario_lst.php of the component Tipos de us\u00e0rio Page. Such manipulation of the argument nm_tipo leads to sql injection. The attack may be performed from a remote location. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-08-20T17:32:06.078Z",
    "modified": "2025-08-20T17:32:06.078Z",
    "type": "cve",
    "title": "Portabilis i-Diario Tipos de us\u00e0rio educar_tipo_usuario_lst.php sql injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.320769\nhttps://vuldb.com/?ctiid.320769\nhttps://vuldb.com/?submit.631370\nhttps://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-9236.md\nhttps://github.com/marcelomulder/CVE/blob/main/i-educar/SQL%20Injection%20(Blind%20Time-Based)%20Vulnerability%20in%20nm_tipo%20Parameter%20on%20educar_tipo_usuario_lst.php%20Endpoint.md#poc",
    "id": "CVE-2025-9236",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "Portabilis i-Diario 2.0\nPortabilis i-Diario 2.1\nPortabilis i-Diario 2.2\nPortabilis i-Diario 2.3\nPortabilis i-Diario 2.4\nPortabilis i-Diario 2.5\nPortabilis i-Diario 2.6\nPortabilis i-Diario 2.7\nPortabilis i-Diario 2.8\nPortabilis i-Diario 2.9\nPortabilis i-Diario 2.10",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "i-Diario",
    "version": "2.0",
    "vendor": "Portabilis",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}