Marcelo Queiroz

23 exploits Active since Jul 2025
CVE-2025-10012 WRITEUP MEDIUM WRITEUP
Portabilis i-educar < 2.10.0 - SQL Injection via ref_cod_aluno Parameter
A security vulnerability has been detected in Portabilis i-Educar up to 2.10. The impacted element is an unknown function of the file educar_historico_escolar_lst.php. Such manipulation of the argument ref_cod_aluno leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
CVSS 6.3
CVE-2025-10013 WRITEUP MEDIUM WRITEUP
Portabilis i-educar < 2.10.0 - Incorrect Privilege Assignment in /exportacao-para-o-seb Endpoint
A vulnerability was detected in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /exportacao-para-o-seb. Performing manipulation results in improper access controls. The attack is possible to be carried out remotely. The exploit is now public and may be used.
CVSS 6.3
CVE-2025-10070 WRITEUP MEDIUM WRITEUP
Portabilis i-educar < 2.10.0 - Incorrect Privilege Assignment in /enturmacao-em-lote/ Endpoint
A flaw has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /enturmacao-em-lote/. This manipulation causes improper access controls. The attack is possible to be carried out remotely. The exploit has been published and may be used.
CVSS 6.3
CVE-2025-10071 WRITEUP MEDIUM WRITEUP
Portabilis i-educar < 2.10.0 - Incorrect Privilege Assignment in /cancelar-enturmacao-em-lote/ Endpoint
A vulnerability has been found in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /cancelar-enturmacao-em-lote/. Such manipulation leads to improper access controls. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2025-10072 WRITEUP MEDIUM WRITEUP
Portabilis i-educar < 2.10.0 - Incorrect Privilege Assignment in /matricula/[ID_STUDENT]/enturmar/ Endpoint
A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /matricula/[ID_STUDENT]/enturmar/. Performing manipulation results in improper access controls. It is possible to initiate the attack remotely. The exploit has been made public and could be used.
CVSS 6.3
CVE-2025-10073 WRITEUP MEDIUM WRITEUP
Portabilis i-educar < 2.10.0 - Broken Object Level Authorization via /module/Api/turma
A vulnerability was determined in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/Api/turma. Executing manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.
CVSS 4.3
CVE-2025-10099 WRITEUP LOW WRITEUP
Portabilis i-educar < 2.10.0 - Cross-Site Scripting via educar_usuario_cad.php Email Parameter
A weakness has been identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/educar_usuario_cad.php of the component Editar usuário Page. This manipulation of the argument email/data_inicial/data_expiracao causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited.
CVSS 2.4
CVE-2025-10605 WRITEUP MEDIUM WRITEUP
Portabilis i-educar < 2.10.0 - Cross-Site Scripting via tipoacao Parameter in agenda_preferencias.php
A security flaw has been discovered in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /agenda_preferencias.php. The manipulation of the argument tipoacao results in cross site scripting. The attack may be launched remotely. The exploit has been released to the public and may be exploited.
CVSS 4.3
CVE-2025-10607 WRITEUP MEDIUM WRITEUP
Portabilis i-educar < 2.10.0 - Exposure of Sensitive Information via /module/Avaliacao/diarioApi
A security vulnerability has been detected in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/Avaliacao/diarioApi. Such manipulation leads to information disclosure. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
CVSS 4.3
CVE-2025-10608 WRITEUP MEDIUM WRITEUP
Portabilis i-educar < 2.10.0 - Incorrect Privilege Assignment in Enrollment History Endpoint
A vulnerability was detected in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /enrollment-history/. Performing manipulation results in improper access controls. The attack is possible to be carried out remotely. The exploit is now public and may be used.
CVSS 6.3
CVE-2025-11048 WRITEUP MEDIUM WRITEUP
Portabilis i-Educar <2.10 - Info Disclosure
A security vulnerability has been detected in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /consulta-dispensas. Such manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
CVSS 6.3
CVE-2025-11049 WRITEUP MEDIUM WRITEUP
Portabilis i-Educar <2.10 - Auth Bypass
A vulnerability was detected in Portabilis i-Educar up to 2.10. Affected by this issue is some unknown functionality of the file /unificacao-aluno. Performing manipulation results in improper authorization. Remote exploitation of the attack is possible. The exploit is now public and may be used.
CVSS 6.3
CVE-2025-7872 WRITEUP LOW WRITEUP
Portabilis i-Diario 1.5.0 - Cross-Site Scripting via Justificativa Parameter
A vulnerability was found in Portabilis i-Diario 1.5.0 and classified as problematic. This issue affects some unknown processing of the file /justificativas-de-falta. The manipulation of the argument Justificativa leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 3.5
CVE-2025-8368 WRITEUP MEDIUM WRITEUP
Portabilis i-Educar 2.9 - Cross-Site Scripting via campo_busca/cpf Parameters
A vulnerability classified as problematic was found in Portabilis i-Educar 2.9. This vulnerability affects unknown code of the file /intranet/pesquisa_pessoa_lst.php. The manipulation of the argument campo_busca/cpf leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 4.3
CVE-2025-8743 WRITEUP LOW WRITEUP
scada-lts < 2.7.8.1 - Stored Cross-Site Scripting in Virtual Data Source Property Handler via Name Parameter
A vulnerability classified as problematic has been found in Scada-LTS up to 2.7.8.1. This affects an unknown part of the file /data_source_edit.shtm of the component Virtual Data Source Property Handler. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 3.5
CVE-2025-8787 WRITEUP LOW WRITEUP
Portabilis i-Diario <= 1.5.0 - Stored Cross-Site Scripting in Registro das atividades
A vulnerability has been found in Portabilis i-Diario up to 1.5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /registros-de-conteudos-por-disciplina/ of the component Registro das atividades. The manipulation of the argument Registro de atividades/Conteúdos leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 3.5
CVE-2025-9104 WRITEUP LOW WRITEUP
Portabilis i-Diario < 1.5.0 - Stored Cross-Site Scripting via Parecer/Objeto de Conhecimento/Habilidades Parameters
A flaw has been found in Portabilis i-Diario up to 1.5.0. The affected element is an unknown function of the file /planos-de-aulas-por-disciplina/ of the component Informações Adicionais Page. This manipulation of the argument Parecer/Objeto de Conhecimento/Habilidades causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 3.5
CVE-2025-9606 WRITEUP MEDIUM WRITEUP
Portabilis i-Educar <2.10 - SQL Injection
A vulnerability was detected in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/agenda_preferencias.php. Performing manipulation of the argument cod_agenda results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used.
CVSS 6.3
CVE-2025-9607 WRITEUP MEDIUM WRITEUP
Portabilis i-Educar <2.10 - SQL Injection
A flaw has been found in Portabilis i-Educar up to 2.10. Affected by this issue is some unknown functionality of the file /module/TabelaArredondamento/view of the component Tabelas de Arredondamento Page. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used.
CVSS 6.3
CVE-2025-9608 WRITEUP MEDIUM WRITEUP
Portabilis i-Educar <2.10 - SQL Injection
A vulnerability has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/FormulaMedia/view of the component Formula de Cálculo de Média Page. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2025-9684 WRITEUP MEDIUM WRITEUP
Portabilis i-Educar <2.10 - SQL Injection
A vulnerability was determined in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/FormulaMedia/edit of the component Formula de Cálculo de Média Page. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
CVSS 6.3
CVE-2025-9685 WRITEUP MEDIUM WRITEUP
Portabilis i-Educar <2.10 - SQL Injection
A vulnerability was identified in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /module/AreaConhecimento/view of the component Listagem de áreas de conhecimento Page. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used.
CVSS 6.3
CVE-2025-9686 WRITEUP MEDIUM WRITEUP
Portabilis i-Educar <2.10 - SQL Injection
A security flaw has been discovered in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /module/AreaConhecimento/edit of the component Listagem de áreas de conhecimento Page. Performing manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited.
CVSS 6.3