{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-9686","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-08-29T10:57:03.222Z","datePublished":"2025-08-30T11:32:06.172Z","dateUpdated":"2025-09-02T15:18:50.384Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-08-30T11:32:06.172Z"},"title":"Portabilis i-Educar Listagem de áreas de conhecimento edit sql injection","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-89","lang":"en","description":"SQL Injection"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-74","lang":"en","description":"Injection"}]}],"affected":[{"vendor":"Portabilis","product":"i-Educar","versions":[{"version":"2.0","status":"affected"},{"version":"2.1","status":"affected"},{"version":"2.2","status":"affected"},{"version":"2.3","status":"affected"},{"version":"2.4","status":"affected"},{"version":"2.5","status":"affected"},{"version":"2.6","status":"affected"},{"version":"2.7","status":"affected"},{"version":"2.8","status":"affected"},{"version":"2.9","status":"affected"},{"version":"2.10","status":"affected"}],"modules":["Listagem de áreas de conhecimento Page"]}],"descriptions":[{"lang":"en","value":"A security flaw has been discovered in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /module/AreaConhecimento/edit of the component Listagem de áreas de conhecimento Page. Performing manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited."},{"lang":"de","value":"In Portabilis i-Educar bis 2.10 wurde eine Schwachstelle gefunden. Hierbei betrifft es unbekannten Programmcode der Datei /module/AreaConhecimento/edit der Komponente Listagem de áreas de conhecimento Page. Durch Beeinflussen des Arguments ID mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff lässt sich über das Netzwerk starten. Der Exploit ist öffentlich verfügbar und könnte genutzt werden."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":6.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":6.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":6.5,"vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2025-08-29T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-08-29T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-08-29T17:17:49.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"marceloQz (VulDB User)","type":"reporter"},{"lang":"en","value":"marceloQz (VulDB User)","type":"analyst"}],"references":[{"url":"https://vuldb.com/?id.321898","name":"VDB-321898 | Portabilis i-Educar Listagem de áreas de conhecimento edit sql injection","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.321898","name":"VDB-321898 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.638577","name":"Submit #638577 | Portabilis i-educar 2.10 SQL Injection","tags":["third-party-advisory"]},{"url":"https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-9686.md","tags":["related"]},{"url":"https://github.com/marcelomulder/CVE/blob/main/i-educar/SQL%20Injection%20(Blind%20Time-Based)%20Vulnerability%20in%20%60id%60%20Parameter%20on%20%60.module.AreaConhecimento.edit%60%20Endpoint.md","tags":["exploit"]}]},"adp":[{"references":[{"url":"https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-9686.md","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-09-02T14:50:49.452536Z","id":"CVE-2025-9686","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-09-02T15:18:50.384Z"}}]}}