CVE-2025-9684
A vulnerability was determined in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/FormulaMedia/edit of the component Formula de Cálculo de Média Page. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
| Software | From | Fixed in |
|---|---|---|
| portabilis / i-educar | - | 2.10.x |
- https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-9684.md
- https://github.com/marcelomulder/CVE/blob/main/i-educar/SQL%20Injection%20(Blind%20Time-Based)%20Vulnerability%20in%20%60id%60%20Parameter%20on%20%60.module.FormulaMedia.edit%60%20Endpoint.md
- https://vuldb.com/?ctiid.321896
- https://vuldb.com/?id.321896
- https://vuldb.com/?submit.638574
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime