{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-9531","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-08-27T07:33:52.813Z","datePublished":"2025-08-27T13:32:09.365Z","dateUpdated":"2025-08-28T04:56:54.055Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-08-28T04:56:54.055Z"},"title":"Portabilis i-Educar Agenda agenda.php sql injection","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-89","lang":"en","description":"SQL Injection"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-74","lang":"en","description":"Injection"}]}],"affected":[{"vendor":"Portabilis","product":"i-Educar","versions":[{"version":"2.0","status":"affected"},{"version":"2.1","status":"affected"},{"version":"2.2","status":"affected"},{"version":"2.3","status":"affected"},{"version":"2.4","status":"affected"},{"version":"2.5","status":"affected"},{"version":"2.6","status":"affected"},{"version":"2.7","status":"affected"},{"version":"2.8","status":"affected"},{"version":"2.9","status":"affected"},{"version":"2.10","status":"affected"}],"modules":["Agenda Module"]}],"descriptions":[{"lang":"en","value":"A vulnerability was detected in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /intranet/agenda.php of the component Agenda Module. Performing manipulation of the argument cod_agenda results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."},{"lang":"de","value":"In Portabilis i-Educar bis 2.10 wurde eine Schwachstelle gefunden. Es ist betroffen eine unbekannte Funktion der Datei /intranet/agenda.php der Komponente Agenda Module. Die Veränderung des Parameters cod_agenda resultiert in sql injection. Es ist möglich, den Angriff aus der Ferne durchzuführen. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":6.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":6.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":6.5,"vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2025-08-27T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-08-27T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-08-28T06:58:56.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"Karina Gante (CVE-Hunters)","type":"finder"},{"lang":"en","value":"karinagante (VulDB User)","type":"reporter"},{"lang":"en","value":"karinagante (VulDB User)","type":"analyst"}],"references":[{"url":"https://vuldb.com/?id.321550","name":"VDB-321550 | Portabilis i-Educar Agenda agenda.php sql injection","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.321550","name":"VDB-321550 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.635752","name":"Submit #635752 | Portabilis i-Educar 2.10 SQL Injection","tags":["third-party-advisory"]},{"url":"https://karinagante.github.io/cve-2025-9531/","tags":["related"]},{"url":"https://karinagante.github.io/cve-2025-9531/#proof-of-concept-poc","tags":["exploit"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-08-27T13:46:12.565341Z","id":"CVE-2025-9531","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-08-27T13:46:24.251Z"}}]}}