I Educar
by Portabilis
Source repositories
CVEs (94)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-8539 | Low | 0.16 | 2.4 | 0.00 | Aug 5, 2025 | A vulnerability was found in Portabilis i-Educar 2.10 and classified as problematic. Affected by this issue is some unknown functionality of the file /intranet/public_distrito_cad.php. The manipulation of the argument nome leads to cross site scripting. The attack may be… | ||
| CVE-2025-8538 | Low | 0.16 | 2.4 | 0.00 | Aug 5, 2025 | A vulnerability has been found in Portabilis i-Educar 2.10 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /usuarios/tipos/novo. The manipulation of the argument name/description leads to cross site scripting. The attack can… | ||
| CVE-2024-48325 | 0.01 | — | 0.01 | Nov 6, 2024 | Portabilis i-Educar 2.8.0 is vulnerable to SQL Injection in the "getDocuments" function of the "InstituicaoDocumentacaoController" class. The "instituicao_id" parameter in "/module/Api/InstituicaoDocumentacao?oper=get&resource=getDocuments&instituicao_id" is not properly… | |||
| CVE-2025-9638 | 0.00 | — | 0.00 | Dec 9, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Portabilis i-Educar allows Stored Cross-Site Scripting (XSS) via the matricula_interna parameter in the educar_usuario_cad.php endpoint. This issue affects i-Educar: 2.10.0. | |||
| CVE-2025-65022 | 0.00 | — | 0.00 | Nov 19, 2025 | i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agenda.php script. An attacker with access to an authenticated session can execute arbitrary SQL… | |||
| CVE-2025-65023 | 0.00 | — | 0.00 | Nov 19, 2025 | i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/funcionario_vinculo_cad.php script. An attacker with access to an authenticated session can execute… | |||
| CVE-2025-65024 | 0.00 | — | 0.00 | Nov 19, 2025 | i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agenda_admin_cad.php script. An attacker with access to an authenticated session can execute arbitrary… | |||
| CVE-2024-55651 | 0.00 | — | 0.00 | May 7, 2025 | i-Educar is free, fully online school management software. Version 2.9 of the application fails to properly validate and sanitize user supplied input, leading to a stored cross-site scripting vulnerability that resides within the user type (Tipo de Usuário) input field. Through… | |||
| CVE-2024-12893 | 0.00 | — | 0.00 | Dec 22, 2024 | A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar up to 2.9. Affected by this issue is some unknown functionality of the file /usuarios/tipos/2 of the component Tipo de Usuário Page. The manipulation of the argument name leads to cross… | |||
| CVE-2024-55239 | 0.00 | — | 0.00 | Dec 18, 2024 | A reflected Cross-Site Scripting vulnerability in the standard documentation upload functionality in Portabilis i-Educar 2.9 allows attacker to craft malicious urls with arbitrary javascript in the 'titulo_documento' parameter. | |||
| CVE-2024-45059 | 0.00 | — | 0.01 | Aug 28, 2024 | i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A SQL Injection vulnerability was found prior to the 2.9 branch in the `ieducar/intranet/funcionario_vinculo_det.php` file, which creates… | |||
| CVE-2024-45058 | 0.00 | — | 0.01 | Aug 28, 2024 | i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. Prior to the 2.9 branch, an attacker with only minimal viewing privileges in the settings section is able to change their user type to… | |||
| CVE-2024-45057 | 0.00 | — | 0.00 | Aug 28, 2024 | i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the dynamic generation of HTML fields prior to the 2.9 branch. The… | |||
| CVE-2023-5578 | 0.00 | — | 0.00 | Oct 14, 2023 | A vulnerability was found in Portábilis i-Educar up to 2.7.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file \intranet\agenda_imprimir.php of the component HTTP GET Request Handler. The manipulation of the argument… |
- risk 0.16cvss 2.4epss 0.00
A vulnerability was found in Portabilis i-Educar 2.10 and classified as problematic. Affected by this issue is some unknown functionality of the file /intranet/public_distrito_cad.php. The manipulation of the argument nome leads to cross site scripting. The attack may be…
- risk 0.16cvss 2.4epss 0.00
A vulnerability has been found in Portabilis i-Educar 2.10 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /usuarios/tipos/novo. The manipulation of the argument name/description leads to cross site scripting. The attack can…
- CVE-2024-48325Nov 6, 2024risk 0.01cvss —epss 0.01
Portabilis i-Educar 2.8.0 is vulnerable to SQL Injection in the "getDocuments" function of the "InstituicaoDocumentacaoController" class. The "instituicao_id" parameter in "/module/Api/InstituicaoDocumentacao?oper=get&resource=getDocuments&instituicao_id" is not properly…
- CVE-2025-9638Dec 9, 2025risk 0.00cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Portabilis i-Educar allows Stored Cross-Site Scripting (XSS) via the matricula_interna parameter in the educar_usuario_cad.php endpoint. This issue affects i-Educar: 2.10.0.
- CVE-2025-65022Nov 19, 2025risk 0.00cvss —epss 0.00
i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agenda.php script. An attacker with access to an authenticated session can execute arbitrary SQL…
- CVE-2025-65023Nov 19, 2025risk 0.00cvss —epss 0.00
i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/funcionario_vinculo_cad.php script. An attacker with access to an authenticated session can execute…
- CVE-2025-65024Nov 19, 2025risk 0.00cvss —epss 0.00
i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agenda_admin_cad.php script. An attacker with access to an authenticated session can execute arbitrary…
- CVE-2024-55651May 7, 2025risk 0.00cvss —epss 0.00
i-Educar is free, fully online school management software. Version 2.9 of the application fails to properly validate and sanitize user supplied input, leading to a stored cross-site scripting vulnerability that resides within the user type (Tipo de Usuário) input field. Through…
- CVE-2024-12893Dec 22, 2024risk 0.00cvss —epss 0.00
A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar up to 2.9. Affected by this issue is some unknown functionality of the file /usuarios/tipos/2 of the component Tipo de Usuário Page. The manipulation of the argument name leads to cross…
- CVE-2024-55239Dec 18, 2024risk 0.00cvss —epss 0.00
A reflected Cross-Site Scripting vulnerability in the standard documentation upload functionality in Portabilis i-Educar 2.9 allows attacker to craft malicious urls with arbitrary javascript in the 'titulo_documento' parameter.
- CVE-2024-45059Aug 28, 2024risk 0.00cvss —epss 0.01
i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A SQL Injection vulnerability was found prior to the 2.9 branch in the `ieducar/intranet/funcionario_vinculo_det.php` file, which creates…
- CVE-2024-45058Aug 28, 2024risk 0.00cvss —epss 0.01
i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. Prior to the 2.9 branch, an attacker with only minimal viewing privileges in the settings section is able to change their user type to…
- CVE-2024-45057Aug 28, 2024risk 0.00cvss —epss 0.00
i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the dynamic generation of HTML fields prior to the 2.9 branch. The…
- CVE-2023-5578Oct 14, 2023risk 0.00cvss —epss 0.00
A vulnerability was found in Portábilis i-Educar up to 2.7.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file \intranet\agenda_imprimir.php of the component HTTP GET Request Handler. The manipulation of the argument…
Page 5 of 5