CNNVD-202510-1262 Information

Oct 09, 2025 cve

CNNVD ID

CNNVD-202510-1262

CVE-2025-11554

  • CNNVD Published: 2025-10-09

Description (Chinese)

i-Educar是Portábilis开源的一个免费教育软件。 i-Educar 2.9.10及之前版本存在安全漏洞,该漏洞源于文件app/Http/Controllers/AccessLevelController.php中用户类型处理组件存在权限继承不当,可能导致远程攻击。

Description (English)

i-Educar is a free education software from Portábilis. i-Educar 2.9.10 and previous versions contain security loopholes stemming from the inappropriate inheritance of user-type processing components in documentapp/Http/Controllers/AccessLevelController.php, which may lead to a remote attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Portábilis

Published

2025-10-09

Last Modified

2026-02-24

References

https://docs.google.com/document/d/1yGubpU9I6JnkKsrdNRP6bUCeQv3ZDcknXAHOzFZBkGQ/ https://vuldb.com/?ctiid.327714 https://vuldb.com/?id.327714 https://vuldb.com/?submit.671072 https://access.redhat.com/security/cve/cve-2025-11554

Patch

https://ieducar.org/

Share on: