CVE-2025-10608

Medium CVSS: 5.3

A vulnerability was detected in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /enrollment-history/. Performing manipulation results in improper access controls. The attack is possible to be carried out remotely. The exploit is now public and may be used.

Vendor

Portabilis

Product

I-educar

CWE

CWE-266

Yayın Tarihi

2025-09-17 19:15:46

Güncelleme

2025-09-18 20:21:44

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-266 I-educar MEDIUM Portabilis 2025

Referanslar

https://github.com/marcelomulder/CVE/blob/main/i-educar/Broken%20Access%20Control%20Vulnerability%20%20in%20%60.enrollment-history.(ID)%60%20Endpoint.md https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-10608.md https://vuldb.com/?ctiid.324628 https://vuldb.com/?id.324628 https://vuldb.com/?submit.649876 https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-10608.md https://vuldb.com/?submit.649876

Benzer Kayıtlar

Medium

CVE-2026-2064

A vulnerability was identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functiona…

Medium

CVE-2026-2015

A weakness has been identified in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file FinalStatu…

Medium

CVE-2025-9638

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Portabilis i-Educa…

High

CVE-2025-65022

i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL…

High

CVE-2025-65023

i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL…

High

CVE-2025-65024

i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL…