Portabilis Security Vulnerabilities (CVEs)

This vulnerability allows attackers to inject malicious scripts into the User Data Page of Portabilis i-Educar through the /intranet/meusdadod.php fil...

This stored XSS vulnerability in Portabilis i-Educar allows attackers to inject malicious scripts via the matricula_interna parameter, which are then ...

An authenticated time-based SQL injection vulnerability in i-Educar school management software allows attackers with valid user credentials to execute...

An authenticated time-based SQL injection vulnerability in i-Educar school management software allows attackers with valid user sessions to execute ar...

This vulnerability in Portabilis i-Educar allows attackers to escalate privileges through insecure inherited permissions in the User Type Handler comp...

CVE-2025-11050 is an improper authorization vulnerability in Portabilis i-Educar's /periodo-lancamento endpoint that allows remote attackers to bypass...

CVE-2025-11049 is an improper authorization vulnerability in Portabilis i-Educar's /unificacao-aluno endpoint that allows unauthorized access to stude...

This vulnerability allows attackers to bypass authorization controls in Portabilis i-Educar's /consulta-dispensas endpoint, potentially accessing unau...

This vulnerability in Portabilis i-Educar allows attackers to bypass authorization controls and enumerate student records by manipulating the aluno_id...

This SQL injection vulnerability in Portabilis i-Educar allows attackers to execute arbitrary SQL commands through the /module/Cadastro/aluno endpoint...

This SQL injection vulnerability in Portabilis i-Educar allows attackers to execute arbitrary SQL commands by manipulating the ID parameter in the /mo...

This SQL injection vulnerability in Portabilis i-Educar allows attackers to manipulate database queries through the /module/ComponenteCurricular/edit ...

This vulnerability in Portabilis i-Educar allows attackers to bypass access controls on the /enrollment-history/ endpoint, potentially accessing unaut...

This vulnerability is a reflected cross-site scripting (XSS) flaw in Portabilis i-Educar's agenda_preferencias.php file, where the tipoacao parameter ...

This vulnerability allows attackers to inject malicious scripts into the Portabilis i-Educar web application via the 'tipoacao' parameter in the Confi...

This vulnerability in Portabilis i-Educar allows unauthorized access to class information via the /module/Avaliacao/diarioApi endpoint. Attackers can ...

This vulnerability in Portabilis i-Educar allows unauthorized access to class information through the /module/Api/turma endpoint. Attackers can exploi...

This vulnerability allows attackers to bypass access controls in Portabilis i-Educar's batch enrollment cancellation endpoint. Remote attackers can ma...

This vulnerability in Portabilis i-Educar allows attackers to bypass access controls on the student enrollment endpoint, potentially manipulating stud...

CVE-2025-10070 is an improper access control vulnerability in Portabilis i-Educar up to version 2.10 that allows remote attackers to bypass authorizat...

This CVE describes a SQL injection vulnerability in Portabilis i-Educar educational software versions up to 2.10. Attackers can exploit the 'ref_cod_a...

This CVE describes a SQL injection vulnerability in Portabilis i-Educar's knowledge area listing page. Attackers can exploit this by manipulating the ...

This CVE describes a SQL injection vulnerability in Portabilis i-Educar's Formula de Cálculo de Média page. Attackers can exploit the 'ID' parameter...

CVE-2025-9607 is a SQL injection vulnerability in Portabilis i-Educar's Tabelas de Arredondamento page that allows remote attackers to execute arbitra...

CVE-2025-9532 is a SQL injection vulnerability in Portabilis i-Educar educational software that allows remote attackers to execute arbitrary SQL comma...

This vulnerability allows attackers to inject malicious scripts into the Portabilis i-Diario web application through the search_autocomplete endpoint....

This vulnerability allows attackers to bypass authorization mechanisms in Portabilis i-Educar's API endpoint at /module/Api/Diario. Attackers can remo...

This vulnerability in Portabilis i-Educar allows attackers to bypass authorization controls by manipulating the ID parameter in the /module/Api/pessoa...

This is a reflected cross-site scripting (XSS) vulnerability in Portabilis i-Educar 2.9 that allows attackers to inject malicious scripts via the 'tit...

A reflected cross-site scripting (XSS) vulnerability exists in Portabilis i-Educar 2.9 where the 'nome' parameter in /intranet/funcionario_vinculo_lst...

CVE-2024-48325 is an unauthenticated SQL injection vulnerability in Portabilis i-Educar 2.8.0 that allows remote attackers to execute arbitrary SQL co...

This vulnerability allows authenticated users with minimal viewing privileges in i-Educar school management software to escalate their privileges to A...