CVE-2025-9236

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-9236

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-9236.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-9236

Published

2025-08-20T18:15:36Z

Modified

2025-10-22T16:27:56.971097Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability has been found in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /intranet/educartipousuariolst.php of the component Tipos de usuàrio Page. Such manipulation of the argument nmtipo/descrição leads to sql injection. The attack may be performed from a remote location. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

Affected packages

Git / github.com/portabilis/i-educar

Affected ranges

Type: GIT
Repo: https://github.com/portabilis/i-educar
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

cfb0a5db27ab623cf3f17cd5e0c704bde02cbf07

Affected versions

2.*

2.0.0

2.0.1

2.0.10

2.0.11

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.0.8.1

2.0.9

2.1.0

2.1.1

2.1.10

2.1.11

2.1.12

2.1.13

2.1.14

2.1.15

2.1.16

2.1.17

2.1.18

2.1.19

2.1.2

2.1.20

2.1.21

2.1.23-upgrade

2.1.3

2.1.4

2.1.5

2.1.6

2.1.7

2.1.8

2.1.9

2.10.0

2.2.0

2.2.1

2.2.10

2.2.11

2.2.12

2.2.13

2.2.14

2.2.15

2.2.16

2.2.17

2.2.18

2.2.19

2.2.2

2.2.20

2.2.21-upgrade

2.2.3

2.2.4

2.2.5

2.2.6

2.2.7

2.2.8

2.2.9

2.3.0

2.3.1

2.3.10

2.3.2

2.3.3

2.3.4

2.3.5

2.3.6

2.3.7

2.3.8

2.3.9

2.4.0

2.4.1

2.4.2

2.5.0

2.5.1

2.5.2

2.5.3

2.5.4-upgrade

2.6.0

2.6.1

2.6.2

2.6.3

2.6.4

2.6.5

2.6.6

2.6.7

2.6.8

2.6.9

2.7.0

2.7.1

2.7.2

2.7.3

2.7.4

2.8.0

2.8.0-beta

2.9.0