Vulnerability Description
A vulnerability was determined in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/FormulaMedia/edit of the component Formula de Cálculo de Média Page. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Portabilis | I-Educar | <= 2.10 |
Related Weaknesses (CWE)
References
- https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-9684.mdExploitThird Party Advisory
- https://github.com/marcelomulder/CVE/blob/main/i-educar/SQL%20Injection%20(BlindBroken Link
- https://vuldb.com/?ctiid.321896Permissions RequiredVDB Entry
- https://vuldb.com/?id.321896Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.638574Third Party AdvisoryVDB Entry
- https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-9684.mdExploitThird Party Advisory
FAQ
What is CVE-2025-9684?
CVE-2025-9684 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A vulnerability was determined in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/FormulaMedia/edit of the component Formula de Cálculo de Média Page. This manipulatio...
How severe is CVE-2025-9684?
CVE-2025-9684 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-9684?
Check the references section above for vendor advisories and patch information. Affected products include: Portabilis I-Educar.