SQL Injection Vulnerability in Portabilis i-Educar Affects Remote Access
CVE-2025-10845

5.3MEDIUM

Key Information:

Vendor: Portabilis
Status: I-educar
Vendor: CVE Published:; 23 September 2025

What is CVE-2025-10845?

A SQL injection vulnerability in Portabilis i-Educar version 2.10 affects an unspecified section of the application, particularly within the file located at /module/ComponenteCurricular/view. The vulnerability occurs due to improper handling of the argument ID, enabling attackers to manipulate SQL queries. This flaw can be exploited remotely, posing significant security risks, as the exploit has been made publicly available.