CNNVD-202511-816 Information

Nov 07, 2025 cve

CNNVD ID

CNNVD-202511-816

CVE-2025-10870

CNNVD Published: 2025-11-07

Description (Chinese)

DIAL CentrosNET App是西班牙DIAL公司的一款面向学生、教师及学校管理人员的移动应用程序。 DIAL CentrosNET App v2.64版本存在SQL注入漏洞，该漏洞源于对文件/centrosnet/ultralogin.php中参数ultralogin的错误操作，可能导致SQL注入攻击。

Description (English)

DIAL CentrosNET App is a mobile application for students, teachers and school administrators of the Spanish company DIAL. DIAL CentrosNET App v. 2.64 has an injection loophole in SQL, which results from an error in the ultralogin parameter in document/centrosnet/ultralogin.php, which may lead to an attack on SQL injection.

Hazard Level

High

Vulnerability Type

SQL注入

Affected Vendor

DIAL

Published

2025-11-07

Last Modified

2026-02-24

References

https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-dials-centrosnet

Share on: