Vulnerability Description
A security flaw has been discovered in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /module/AreaConhecimento/edit of the component Listagem de áreas de conhecimento Page. Performing manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Portabilis | I-Educar | <= 2.10 |
Related Weaknesses (CWE)
References
- https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-9686.mdExploitThird Party Advisory
- https://github.com/marcelomulder/CVE/blob/main/i-educar/SQL%20Injection%20(BlindBroken Link
- https://vuldb.com/?ctiid.321898Permissions RequiredVDB Entry
- https://vuldb.com/?id.321898Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.638577Third Party AdvisoryVDB Entry
- https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-9686.mdExploitThird Party Advisory
FAQ
What is CVE-2025-9686?
CVE-2025-9686 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A security flaw has been discovered in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /module/AreaConhecimento/edit of the component Listagem de áreas de conhec...
How severe is CVE-2025-9686?
CVE-2025-9686 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-9686?
Check the references section above for vendor advisories and patch information. Affected products include: Portabilis I-Educar.