A vulnerability has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/FormulaMedia/view of the component Formula de Cálculo de Média Page. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
History

Tue, 02 Sep 2025 17:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:portabilis:i-educar:*:*:*:*:*:*:*:*

Sun, 31 Aug 2025 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Portabilis
Portabilis i-educar
Vendors & Products Portabilis
Portabilis i-educar

Fri, 29 Aug 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 29 Aug 2025 03:15:00 +0000

Type Values Removed Values Added
Description A vulnerability has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/FormulaMedia/view of the component Formula de Cálculo de Média Page. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
Title Portabilis i-Educar Formula de Cálculo de Média view sql injection
Weaknesses CWE-74
CWE-89
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2025-08-29T13:39:43.556Z

Reserved: 2025-08-28T15:28:19.407Z

Link: CVE-2025-9608

cve-icon Vulnrichment

Updated: 2025-08-29T13:39:39.270Z

cve-icon NVD

Status : Analyzed

Published: 2025-08-29T03:15:40.847

Modified: 2025-09-02T17:00:10.723

Link: CVE-2025-9608

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-08-31T08:41:39Z