📦 I Educar
by Portabilis
🔍 What is I Educar?
🛡️ Security Overview
⚠️ Known Vulnerabilities
An authenticated time-based SQL injection vulnerability in i-Educar school management software allows attackers with valid user credentials to execute arbitrary SQL commands against the database. This...
An authenticated time-based SQL injection vulnerability in i-Educar school management software allows attackers with valid user sessions to execute arbitrary SQL commands against the database. This af...
CVE-2024-48325 is an unauthenticated SQL injection vulnerability in Portabilis i-Educar 2.8.0 that allows remote attackers to execute arbitrary SQL commands. This affects all systems running the vulne...
This vulnerability allows authenticated users with minimal viewing privileges in i-Educar school management software to escalate their privileges to Administrator level. Attackers can achieve this by ...
This stored XSS vulnerability in Portabilis i-Educar allows attackers to inject malicious scripts via the matricula_interna parameter, which are then executed when other users view affected pages. It ...
This vulnerability in Portabilis i-Educar allows attackers to escalate privileges through insecure inherited permissions in the User Type Handler component. Attackers can remotely exploit this to gain...
CVE-2025-11050 is an improper authorization vulnerability in Portabilis i-Educar's /periodo-lancamento endpoint that allows remote attackers to bypass access controls. This affects i-Educar users up t...
CVE-2025-11049 is an improper authorization vulnerability in Portabilis i-Educar's /unificacao-aluno endpoint that allows unauthorized access to student unification functionality. Attackers can exploi...
This vulnerability allows attackers to bypass authorization controls in Portabilis i-Educar's /consulta-dispensas endpoint, potentially accessing unauthorized data or functions. It affects i-Educar ve...
This vulnerability in Portabilis i-Educar allows attackers to bypass authorization controls and enumerate student records by manipulating the aluno_id parameter in the /module/Api/aluno endpoint. It a...
This SQL injection vulnerability in Portabilis i-Educar allows attackers to execute arbitrary SQL commands through the /module/Cadastro/aluno endpoint. It affects i-Educar versions up to 2.10, potenti...
This SQL injection vulnerability in Portabilis i-Educar allows attackers to execute arbitrary SQL commands by manipulating the ID parameter in the /module/ComponenteCurricular/view endpoint. This coul...
This SQL injection vulnerability in Portabilis i-Educar allows attackers to manipulate database queries through the /module/ComponenteCurricular/edit endpoint. Attackers can potentially read, modify, ...
This vulnerability in Portabilis i-Educar allows attackers to bypass access controls on the /enrollment-history/ endpoint, potentially accessing unauthorized student enrollment data. The vulnerability...
This vulnerability is a reflected cross-site scripting (XSS) flaw in Portabilis i-Educar's agenda_preferencias.php file, where the tipoacao parameter is not properly sanitized. Attackers can inject ma...
This vulnerability in Portabilis i-Educar allows unauthorized access to class information via the /module/Avaliacao/diarioApi endpoint. Attackers can remotely exploit this Broken Object Level Authoriz...
This vulnerability allows attackers to inject malicious scripts into the Portabilis i-Educar web application via the 'tipoacao' parameter in the ConfiguracaoMovimentoGeral module. When exploited, this...
This vulnerability in Portabilis i-Educar allows unauthorized access to class information through the /module/Api/turma endpoint. Attackers can exploit this broken object level authorization (BOLA) to...
This vulnerability allows attackers to bypass access controls in Portabilis i-Educar's batch enrollment cancellation endpoint. Remote attackers can manipulate the /cancelar-enturmacao-em-lote/ endpoin...
This vulnerability in Portabilis i-Educar allows attackers to bypass access controls on the student enrollment endpoint, potentially manipulating student class assignments without proper authorization...
CVE-2025-10070 is an improper access control vulnerability in Portabilis i-Educar up to version 2.10 that allows remote attackers to bypass authorization mechanisms in the /enturmacao-em-lote/ endpoin...
This CVE describes a SQL injection vulnerability in Portabilis i-Educar educational software versions up to 2.10. Attackers can exploit the 'ref_cod_aluno' parameter in the educar_historico_escolar_ls...
This CVE describes a SQL injection vulnerability in Portabilis i-Educar's knowledge area listing page. Attackers can exploit this by manipulating the ID parameter in the /module/AreaConhecimento/edit ...
This CVE describes a SQL injection vulnerability in Portabilis i-Educar's Formula de Cálculo de Média page. Attackers can exploit the 'ID' parameter in the /module/FormulaMedia/edit endpoint to exec...
CVE-2025-9607 is a SQL injection vulnerability in Portabilis i-Educar's Tabelas de Arredondamento page that allows remote attackers to execute arbitrary SQL commands by manipulating the ID parameter. ...
CVE-2025-9532 is a SQL injection vulnerability in Portabilis i-Educar educational software that allows remote attackers to execute arbitrary SQL commands via manipulation of the ID parameter in the /R...
This vulnerability allows attackers to bypass authorization mechanisms in Portabilis i-Educar's API endpoint at /module/Api/Diario. Attackers can remotely exploit this to access unauthorized functiona...
This vulnerability in Portabilis i-Educar allows attackers to bypass authorization controls by manipulating the ID parameter in the /module/Api/pessoa API endpoint. It affects all i-Educar installatio...
This is a reflected cross-site scripting (XSS) vulnerability in Portabilis i-Educar 2.9 that allows attackers to inject malicious scripts via the 'titulo_avaliacao' parameter in the /intranet/educar_a...
A reflected cross-site scripting (XSS) vulnerability exists in Portabilis i-Educar 2.9 where the 'nome' parameter in /intranet/funcionario_vinculo_lst.php is not properly sanitized. This allows attack...
This vulnerability allows attackers to inject malicious scripts into the User Data Page of Portabilis i-Educar through the /intranet/meusdadod.php file. The cross-site scripting (XSS) attack can be ex...