CNNVD-202508-3609 Information

CNNVD ID

CNNVD-202508-3609

Related CVE

CVE-2025-9608

• CNNVD Published: 2025-08-29

Description (Chinese)

i-Educar是Portábilis开源的一个免费教育软件。 i-Educar 2.10及之前版本存在安全漏洞，该漏洞源于文件/module/FormulaMedia/view中参数ID的错误操作导致SQL注入攻击。

Description (English)

i-Educar is a free education software from Portábilis. i-Educar 2.10 and earlier versions contained a security loophole, which resulted from the wrong operation of parameter ID in document/module/FormulaMedia/view, resulting in the SQL injection attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Portábilis

Published

2025-08-29

Last Modified

2026-02-24

References

https://vuldb.com/?submit.636579 https://vuldb.com/?id.321786 https://vuldb.com/?ctiid.321786 https://github.com/marcelomulder/CVE/blob/main/i-educar/SQL%20Injection%20(Blind%20Time-Based)%20Vulnerability%20in%20%60id%60%20Parameter%20on%20%60.module.FormulaMedia.view%60%20Endpoint%201.md#poc https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-9608.md https://nvd.nist.gov/vuln/detail/CVE-2025-9608