Vulnerability Description
i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/funcionario_vinculo_cad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against the application's database. This vulnerability is caused by the improper handling of the cod_funcionario_vinculo GET parameter, which is directly concatenated into an SQL query without proper sanitization. This issue has been patched in commit a00dfa3.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Portabilis | I-Educar | <= 2.10.0 |
Related Weaknesses (CWE)
References
- https://github.com/portabilis/i-educar/commit/a00dfa3f129bc84e27873aa01cbd3f82e5Patch
- https://github.com/portabilis/i-educar/security/advisories/GHSA-8rv6-x8h9-fjfcExploitVendor Advisory
- https://github.com/portabilis/i-educar/security/advisories/GHSA-8rv6-x8h9-fjfcExploitVendor Advisory
FAQ
What is CVE-2025-65023?
CVE-2025-65023 is a vulnerability with a CVSS score of 7.2 (HIGH). i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/funcionario_vinculo_cad....
How severe is CVE-2025-65023?
CVE-2025-65023 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-65023?
Check the references section above for vendor advisories and patch information. Affected products include: Portabilis I-Educar.