CVE-2025-41009
SQL injection on the virtual campus platform of Diseño de Recursos Educativos
SQL injection vulnerability in the DRED virtual campus platform. This vulnerability allows an attacker to retrieve, create, update, and delete data from the database by sending a POST request using the ‘buscame’ parameter in ‘/catalogo_c/catalogo.php’.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Productos afectados
Disenno de Recursos Educativos S.L · virtual campus platform¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →