VYPR
Vendor

I Educar

Products
1
CVEs
6
Across products
6
Status
Private

Products

1

Recent CVEs

6
  • CVE-2024-55651MedMay 8, 2025
    risk 0.35cvss 5.4epss 0.00

    i-Educar is free, fully online school management software. Version 2.9 of the application fails to properly validate and sanitize user supplied input, leading to a stored cross-site scripting vulnerability that resides within the user type (Tipo de Usuário) input field. Through…

  • CVE-2025-65024HigNov 19, 2025
    risk 0.00cvss 7.2epss 0.00

    i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agenda_admin_cad.php script. An attacker with access to an authenticated session can execute arbitrary…

  • CVE-2025-65023HigNov 19, 2025
    risk 0.00cvss 7.2epss 0.00

    i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/funcionario_vinculo_cad.php script. An attacker with access to an authenticated session can execute…

  • CVE-2025-65022HigNov 19, 2025
    risk 0.00cvss 7.2epss 0.00

    i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agenda.php script. An attacker with access to an authenticated session can execute arbitrary SQL…

  • CVE-2024-45058HigAug 28, 2024
    risk 0.00cvss 8.1epss 0.01

    i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. Prior to the 2.9 branch, an attacker with only minimal viewing privileges in the settings section is able to change their user type to…

  • CVE-2024-45057MedAug 28, 2024
    risk 0.00cvss 6.1epss 0.00

    i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the dynamic generation of HTML fields prior to the 2.9 branch. The…