MeldSecurity
Press Enter to search
CVE Database & Search →
Sign In Get Started

CVE-2025-65023

🔴 HIGH

i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/funcionario_vinculo_cad....

Published
Nov 19, 2025
Last Modified
Nov 20, 2025
Views
3
Bookmarks
0

Description

Request Expert Review

i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/funcionario_vinculo_cad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against the application's database. This vulnerability is caused by the improper handling of the cod_funcionario_vinculo GET parameter, which is directly concatenated into an SQL query without proper sanitization. This issue has been patched in commit a00dfa3.

Affected Products (1)

portabilis - i-educar

Version: *

CVSS Scores

CVSS 3.1 7.2
7.2
HIGH
CVSS 2.0 7.2

References

github.com github.com github.com

Additional Information

Source
security-advisories@github.com
State
Analyzed

Related CVEs

CVE-2025-8405

HIGH

GitLab has remediated a security issue in GitLab CE/EE affecting all versions from 17.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that...

Score: 8.7

CVE-2025-4097

MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could...

Score: 6.5

CVE-2025-11984

MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could h...

Score: 6.8

CVE-2025-11247

MEDIUM

GitLab has remediated an issue in GitLab EE affecting all versions from 13.2 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have...

Score: 4.3

CVE-2025-9436

MEDIUM

The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `trustindex` shortcode in all versio...

Score: 6.4

CVE-2025-14157

MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 6.3 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could ha...

Score: 6.5

Share CVE-2025-65023

Share on Social Media

Copy Link

Embed Code

Request Expert Analysis

Request a professional security analysis for CVE-2025-65023 from our verified experts.

Credits System

Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!

Add 3 credits for accelerated delivery

Base Cost: 8 credits
Priority Upgrade: + credits
SLA Acceleration: +3 credits
Total Cost:
Your Balance:

Insufficient Credits

You need more credits to submit this request.

Buy Credits

Report Analysis