CVE-2025-10845
MEDIUMPortabilis I-educar < 2.10.0 - Injection
Title source: ruleDescription
A vulnerability was found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/ComponenteCurricular/view. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.
Exploits (1)
github
WRITEUP
by KarinaGante · htmlpoc
https://github.com/KarinaGante/KG-Sec/tree/main/CVEs/i-Educar/CVE-2025-10845.md
References (5)
Scores
CVSS v3
6.3
EPSS
0.0003
EPSS Percentile
8.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-74
CWE-89
Status
published
Products (1)
portabilis/i-educar
< 2.10.0
Published
Sep 23, 2025
Tracked Since
Feb 18, 2026