CVE-2025-9686
A security flaw has been discovered in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /module/AreaConhecimento/edit of the component Listagem de áreas de conhecimento Page. Performing manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited.
| Software | From | Fixed in |
|---|---|---|
| portabilis / i-educar | - | 2.10.x |
- https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-9686.md
- https://github.com/marcelomulder/CVE/blob/main/i-educar/SQL%20Injection%20(Blind%20Time-Based)%20Vulnerability%20in%20%60id%60%20Parameter%20on%20%60.module.AreaConhecimento.edit%60%20Endpoint.md
- https://vuldb.com/?ctiid.321898
- https://vuldb.com/?id.321898
- https://vuldb.com/?submit.638577
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime