PT-2025-47475 · I-Educar · I-Educar

Published 2025-11-19 · Updated 2025-11-24 · CVE-2025-65024

CVSS v3.1: 7.2 High

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: i-Educar versions prior to 2.10.0

Description: i-Educar is school management software with a flaw that allows an authenticated attacker to execute arbitrary SQL commands against the application's database. This is due to a time-based SQL injection in the ieducar/intranet/agenda_admin_cad.php script. The issue stems from the improper handling of the cod_agenda GET parameter, which is directly incorporated into an SQL query without sufficient sanitization.

Recommendations: Update i-Educar to a version later than 2.10.0.

Exploit

Fix

SQL injection

Related Identifiers

CVE-2025-65024
GHSA-6C8P-XQCV-RGHX

Affected Products

I-Educar