CVE-2025-10011

MEDIUM

Portabilis I-educar < 2.10.0 - Injection

Title source: rule

Description

A weakness has been identified in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /module/TabelaArredondamento/edit. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.322736

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.322736

Third Party Advisory, VDB Entry third-party-advisory

https://vuldb.com/?submit.643544

Exploit, Third Party Advisory related

https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-10011.md

View Exploit ZIP pw:eip

Broken Link broken-link exploit

https://github.com/marcelomulder/CVE/blob/main/i-educar/SQL%20Injection%20(Blind%20Time-Based)%20Vulnerability%20in%20%60id%60%20Parameter%20on%20%60.module.TabelaArredondamento.edit%60%20Endpoint.md

Scores

CVSS v3 6.3

EPSS 0.0005

EPSS Percentile 16.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-74 CWE-89

Status published

Products (1)

portabilis/i-educar < 2.10.0

Published Sep 05, 2025

Tracked Since Feb 18, 2026