SQL Injection Vulnerability in Portabilis i-Educar Software
CVE-2025-9607

5.3 MEDIUM

Key Information:

Vendor: Portabilis

Status
Vendor
CVE Published: 29 August 2025

What is CVE-2025-9607?

A SQL injection vulnerability has been identified in Portabilis i-Educar up to version 2.10. It affects unspecified functionality of the Tabelas de Arredondamento page, specifically the file /module/TabelaArredondamento/view. Manipulating the ID argument results in SQL injection, which can compromise the database. The flaw is exploitable remotely and has been documented publicly, so attackers have a ready reference for using it to gain unauthorized access.

Affected Version(s)

  • i-Educar 2.0
  • i-Educar 2.1
  • i-Educar 2.2

CVSS V4

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

marceloQz (VulDB User)