SQL Injection Vulnerability in Portabilis i-Educar Software
CVE-2025-9606

5.3MEDIUM

Key Information:

Vendor

Portabilis

Status
I-educar
Vendor
CVE Published:
29 August 2025

What is CVE-2025-9606?

A SQL injection vulnerability has been identified in the Portabilis i-Educar system, specifically within the file /intranet/agenda_preferencias.php. This flaw allows attackers to manipulate the 'cod_agenda' parameter, enabling them to execute unauthorized SQL commands. The vulnerability is exploitable remotely, raising significant security concerns. With public knowledge of the exploit, users of affected versions should prioritize immediate remediation.

Affected Version(s)

i-Educar 2.0

i-Educar 2.1

i-Educar 2.2

References

https://vuldb.com/?id.321784
vdb-entrytechnical-description
https://vuldb.com/?ctiid.321784
signaturepermissions-required
https://vuldb.com/?submit.636577
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

marceloQz (VulDB User)
marceloQz (VulDB User)
.
CVE-2025-9606 : SQL Injection Vulnerability in Portabilis i-Educar Software