{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-9685","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-08-29T10:56:30.355Z","datePublished":"2025-08-30T11:02:06.212Z","dateUpdated":"2025-09-02T15:18:57.067Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-08-30T11:02:06.212Z"},"title":"Portabilis i-Educar Listagem de áreas de conhecimento view sql injection","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-89","lang":"en","description":"SQL Injection"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-74","lang":"en","description":"Injection"}]}],"affected":[{"vendor":"Portabilis","product":"i-Educar","versions":[{"version":"2.0","status":"affected"},{"version":"2.1","status":"affected"},{"version":"2.2","status":"affected"},{"version":"2.3","status":"affected"},{"version":"2.4","status":"affected"},{"version":"2.5","status":"affected"},{"version":"2.6","status":"affected"},{"version":"2.7","status":"affected"},{"version":"2.8","status":"affected"},{"version":"2.9","status":"affected"},{"version":"2.10","status":"affected"}],"modules":["Listagem de áreas de conhecimento Page"]}],"descriptions":[{"lang":"en","value":"A vulnerability was identified in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /module/AreaConhecimento/view of the component Listagem de áreas de conhecimento Page. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used."},{"lang":"de","value":"Es wurde eine Schwachstelle in Portabilis i-Educar bis 2.10 entdeckt. Dabei betrifft es einen unbekannter Codeteil der Datei /module/AreaConhecimento/view der Komponente Listagem de áreas de conhecimento Page. Durch das Beeinflussen des Arguments ID mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Die Schwachstelle wurde öffentlich offengelegt und könnte ausgenutzt werden."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":6.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":6.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":6.5,"vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2025-08-29T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-08-29T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-08-29T17:17:46.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"marceloQz (VulDB User)","type":"reporter"},{"lang":"en","value":"marceloQz (VulDB User)","type":"analyst"}],"references":[{"url":"https://vuldb.com/?id.321897","name":"VDB-321897 | Portabilis i-Educar Listagem de áreas de conhecimento view sql injection","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.321897","name":"VDB-321897 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.638576","name":"Submit #638576 | Portabilis i-educar 2.10 SQL Injection","tags":["third-party-advisory"]},{"url":"https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-9685.md","tags":["related"]},{"url":"https://github.com/marcelomulder/CVE/blob/main/i-educar/SQL%20Injection%20(Blind%20Time-Based)%20Vulnerability%20in%20%60id%60%20Parameter%20on%20%60.module.AreaConhecimento.view%60%20Endpoint.md","tags":["broken-link","exploit"]}]},"adp":[{"references":[{"url":"https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-9685.md","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-09-02T14:50:57.403671Z","id":"CVE-2025-9685","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-09-02T15:18:57.067Z"}}]}}