Portabilis i-Educar Formula de Cálculo de Média view sql injection

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/FormulaMedia/view of the component Formula de Cálculo de Média Page. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

Basic Information

ID CVE-2025-9608

Source VulDB

Published Aug 29, 2025 at 03:02

Affected Product

Vendor Portabilis

Product i-Educar

Version 2.0

Affected Versions Portabilis i-Educar 2.0
Portabilis i-Educar 2.1
Portabilis i-Educar 2.2
Portabilis i-Educar 2.3
Portabilis i-Educar 2.4
Portabilis i-Educar 2.5
Portabilis i-Educar 2.6
Portabilis i-Educar 2.7
Portabilis i-Educar 2.8
Portabilis i-Educar 2.9
Portabilis i-Educar 2.10

CWE Classification

CWE-89 CWE-74

References

{
    "lastseen": "",
    "description": "A vulnerability has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/FormulaMedia/view of the component Formula de C\u00e1lculo de M\u00e9dia Page. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.",
    "published": "2025-08-29T03:02:09.426Z",
    "modified": "2025-08-29T03:02:09.426Z",
    "type": "cve",
    "title": "Portabilis i-Educar Formula de C\u00e1lculo de M\u00e9dia view sql injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.321786\nhttps://vuldb.com/?ctiid.321786\nhttps://vuldb.com/?submit.636579\nhttps://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-9608.md\nhttps://github.com/marcelomulder/CVE/blob/main/i-educar/SQL%20Injection%20(Blind%20Time-Based)%20Vulnerability%20in%20%60id%60%20Parameter%20on%20%60.module.FormulaMedia.view%60%20Endpoint%201.md#poc",
    "id": "CVE-2025-9608",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "Portabilis i-Educar 2.0\nPortabilis i-Educar 2.1\nPortabilis i-Educar 2.2\nPortabilis i-Educar 2.3\nPortabilis i-Educar 2.4\nPortabilis i-Educar 2.5\nPortabilis i-Educar 2.6\nPortabilis i-Educar 2.7\nPortabilis i-Educar 2.8\nPortabilis i-Educar 2.9\nPortabilis i-Educar 2.10",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "i-Educar",
    "version": "2.0",
    "vendor": "Portabilis",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Portabilis i-Educar Formula de Cálculo de Média view sql injection_CVE-2025-9608