CVE-2025-9684
Published 2025-08-30
Priority P3 · 51 · high · 8.8 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.35%
27.0th percentile
A vulnerability was determined in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/FormulaMedia/edit of the component Formula de Cálculo de Média Page. Manipulation of the argument ID causes SQL injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| portabilis | i-educar | <= 2.10 | — |
| portabilis | i-educar | — | — |
| portabilis | i-educar | — | — |
| portabilis | i-educar | — | — |
| portabilis | i-educar | — | — |
| portabilis | i-educar | — | — |
| portabilis | i-educar | — | — |
| portabilis | i-educar | — | — |
| portabilis | i-educar | — | — |
| portabilis | i-educar | — | — |
| portabilis | i-educar | — | — |
| portabilis | i-educar | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 2.1 | LOW | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Suricata
ET WEB_SERVER SonicWall SRA Post-Auth viewcert CGI Command Injection (CVE-2016-9684)
suricata·2025-04-14·CVSS 9.8
CVE-2016-9684 [CRITICAL] ET WEB_SERVER SonicWall SRA Post-Auth viewcert CGI Command Injection (CVE-2016-9684)
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SERVER SonicWall SRA Post-Auth viewcert CGI Command Injection (CVE-2016-9684)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/cgi-bin/viewcert"; fast_pattern; http.request_body; content:"CERT|3d|"; pcre:"/^[^\x26\x0d\x0a]*?[\x3b\x60\x7c]/R"; reference:url,www.exploit-db.com/exploits/42343; reference:cve,2016-9684; classtype:web-application-attack; sid:2061547; rev:1; metadata:affected_product SonicWall, attack_target Server, tls_state TLSDecrypt, created_at 2025_04_14, cve CVE_2016_9684, deployment Perimeter, deployment Internal, deployment SSLDecrypt, confidence High, signature_severity Major, tag Exploit, updated_at 20
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-9684.md
https://github.com/marcelomulder/CVE/blob/main/i-educar/SQL%20Injection%20(Blind%20Time-Based)%20Vulnerability%20in%20%60id%60%20Parameter%20on%20%60.module.FormulaMedia.edit%60%20Endpoint.md
https://vuldb.com/?ctiid.321896
https://vuldb.com/?id.321896
https://vuldb.com/?submit.638574