VYPR

I Educar

by Portabilis

Source repositories

CVEs (94)

  • CVE-2025-8539LowAug 5, 2025
    risk 0.16cvss 2.4epss 0.00

    A vulnerability was found in Portabilis i-Educar 2.10 and classified as problematic. Affected by this issue is some unknown functionality of the file /intranet/public_distrito_cad.php. The manipulation of the argument nome leads to cross site scripting. The attack may be…

  • CVE-2025-8538LowAug 5, 2025
    risk 0.16cvss 2.4epss 0.00

    A vulnerability has been found in Portabilis i-Educar 2.10 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /usuarios/tipos/novo. The manipulation of the argument name/description leads to cross site scripting. The attack can…

  • CVE-2024-48325Nov 6, 2024
    risk 0.01cvss epss 0.01

    Portabilis i-Educar 2.8.0 is vulnerable to SQL Injection in the "getDocuments" function of the "InstituicaoDocumentacaoController" class. The "instituicao_id" parameter in "/module/Api/InstituicaoDocumentacao?oper=get&resource=getDocuments&instituicao_id" is not properly…

  • CVE-2025-9638Dec 9, 2025
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Portabilis i-Educar allows Stored Cross-Site Scripting (XSS) via the matricula_interna parameter in the educar_usuario_cad.php endpoint. This issue affects i-Educar: 2.10.0.

  • CVE-2025-65022Nov 19, 2025
    risk 0.00cvss epss 0.00

    i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agenda.php script. An attacker with access to an authenticated session can execute arbitrary SQL…

  • CVE-2025-65023Nov 19, 2025
    risk 0.00cvss epss 0.00

    i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/funcionario_vinculo_cad.php script. An attacker with access to an authenticated session can execute…

  • CVE-2025-65024Nov 19, 2025
    risk 0.00cvss epss 0.00

    i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agenda_admin_cad.php script. An attacker with access to an authenticated session can execute arbitrary…

  • CVE-2024-55651May 7, 2025
    risk 0.00cvss epss 0.00

    i-Educar is free, fully online school management software. Version 2.9 of the application fails to properly validate and sanitize user supplied input, leading to a stored cross-site scripting vulnerability that resides within the user type (Tipo de Usuário) input field. Through…

  • CVE-2024-12893Dec 22, 2024
    risk 0.00cvss epss 0.00

    A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar up to 2.9. Affected by this issue is some unknown functionality of the file /usuarios/tipos/2 of the component Tipo de Usuário Page. The manipulation of the argument name leads to cross…

  • CVE-2024-55239Dec 18, 2024
    risk 0.00cvss epss 0.00

    A reflected Cross-Site Scripting vulnerability in the standard documentation upload functionality in Portabilis i-Educar 2.9 allows attacker to craft malicious urls with arbitrary javascript in the 'titulo_documento' parameter.

  • CVE-2024-45059Aug 28, 2024
    risk 0.00cvss epss 0.01

    i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A SQL Injection vulnerability was found prior to the 2.9 branch in the `ieducar/intranet/funcionario_vinculo_det.php` file, which creates…

  • CVE-2024-45058Aug 28, 2024
    risk 0.00cvss epss 0.01

    i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. Prior to the 2.9 branch, an attacker with only minimal viewing privileges in the settings section is able to change their user type to…

  • CVE-2024-45057Aug 28, 2024
    risk 0.00cvss epss 0.00

    i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the dynamic generation of HTML fields prior to the 2.9 branch. The…

  • CVE-2023-5578Oct 14, 2023
    risk 0.00cvss epss 0.00

    A vulnerability was found in Portábilis i-Educar up to 2.7.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file \intranet\agenda_imprimir.php of the component HTTP GET Request Handler. The manipulation of the argument…

Page 5 of 5