CVE-2025-10011

MEDIUM

Portabilis i-educar < 2.10.0 - SQL Injection via ID Parameter in TabelaArredondamento Edit Endpoint

Title source: llm

Description

A weakness has been identified in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /module/TabelaArredondamento/edit. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.322736

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.322736

Third Party Advisory, VDB Entry third-party-advisory

https://vuldb.com/?submit.643544

Exploit, Third Party Advisory related

https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-10011.md

View Exploit ZIP pw:eip

Broken Link broken-link exploit

https://github.com/marcelomulder/CVE/blob/main/i-educar/SQL%20Injection%20(Blind%20Time-Based)%20Vulnerability%20in%20%60id%60%20Parameter%20on%20%60.module.TabelaArredondamento.edit%60%20Endpoint.md

Scores

CVSS v3 6.3

EPSS 0.0046

EPSS Percentile 36.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-74 CWE-89

Status published

Products (1)

portabilis/i-educar < 2.10.0

Published Sep 05, 2025

Tracked Since Feb 18, 2026