CVE-2025-65023
- Source
- https://cve.org/CVERecord?id=CVE-2025-65023
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-65023.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-65023
- Aliases
-
- GHSA-8rv6-x8h9-fjfc
- Published
- 2025-11-19T16:02:10.539Z
- Modified
- 2026-04-02T13:00:09.613550Z
- Severity
-
- 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- i-Educar Authenticated Time-based SQL Injection in `funcionario_vinculo_cad.php`
- Details
-
i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/funcionariovinculocad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against the application's database. This vulnerability is caused by the improper handling of the codfuncionariovinculo GET parameter, which is directly concatenated into an SQL query without proper sanitization. This issue has been patched in commit a00dfa3.
- Database specific
{ "cwe_ids": [ "CWE-89" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/65xxx/CVE-2025-65023.json", "cna_assigner": "GitHub_M" }- References
Affected packages
Git / github.com/portabilis/i-educar
Affected ranges
- Type
- GIT
- Repo
- https://github.com/portabilis/i-educar
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
2.*
2.0.0
2.0.1
2.0.10
2.0.11
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.8.1
2.0.9
2.1.0
2.1.1
2.1.10
2.1.11
2.1.12
2.1.13
2.1.14
2.1.15
2.1.16
2.1.17
2.1.18
2.1.19
2.1.2
2.1.20
2.1.21
2.1.22-upgrade
2.1.23-upgrade
2.1.24-upgrade
2.1.25-upgrade
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.10.0
2.2.0
2.2.1
2.2.10
2.2.11
2.2.12
2.2.13
2.2.14
2.2.15
2.2.16
2.2.17
2.2.18
2.2.19
2.2.2
2.2.20
2.2.21-upgrade
2.2.22-upgrade
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.2.9
2.3.0
2.3.1
2.3.10
2.3.2
2.3.3
2.3.4
2.3.5
2.3.6
2.3.7
2.3.8
2.3.9
2.4.0
2.4.1
2.4.2
2.4.3
2.5.0
2.5.1
2.5.2
2.5.3
2.5.4-upgrade
2.6.0
2.6.1
2.6.2
2.6.3
2.6.4
2.6.5
2.6.6
2.6.7
2.6.8
2.6.9
2.7.0
2.7.1
2.7.2
2.7.3
2.7.4
2.7.5
2.8.0
2.8.0-beta
2.9.0