PT-2025-47473 · I-Educar · I-Educar

Published 2025-11-19 · Updated 2025-11-24 · CVE-2025-65022

CVSS v3.1: 7.2 High

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: i-Educar versions prior to 2.10.0

Description: i-Educar is school management software. It has a flaw that allows an authenticated attacker to execute arbitrary SQL commands against the application's database. The cause is improper handling of the cod_agenda request parameter in the ieducar/intranet/agenda.php script: the parameter value is concatenated directly into SQL queries without sufficient sanitization. The vulnerability is a time-based SQL injection.

Recommendations: Update i-Educar to a version later than 2.10.0.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2025-65022
GHSA-4HRJ-5GWX-R4W4

Affected Products

I-Educar