CVE-2025-41009
SQL injection on the virtual campus platform of Diseño de Recursos Educativos
SQL injection vulnerability in the DRED virtual campus platform. This vulnerability allows an attacker to retrieve, create, update, and delete data from the database by sending a POST request using the ‘buscame’ parameter in ‘/catalogo_c/catalogo.php’.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Produtos afetados
Disenno de Recursos Educativos S.L · virtual campus platformQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →