SQL Injection Vulnerability in Portabilis i-Educar Software
CVE-2025-9684
5.3 MEDIUM
What is CVE-2025-9684?
A SQL injection vulnerability has been identified in Portabilis i-Educar up to version 2.10, in the Formula de Cálculo de Média Page component. Manipulating the argument ID in requests to /module/FormulaMedia/edit results in SQL injection, which can lead to unauthorized access to the database and potential data breaches. The flaw is remotely exploitable and the exploit has been publicly disclosed, so users of affected versions should take immediate action to secure their systems.
Affected Version(s)
i-Educar 2.0
i-Educar 2.1
i-Educar 2.2
CVSS V4
Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
marceloQz (VulDB User)