Vulnerabilities

CVE-2025-41009

by Fred · 27/10/2025

SQL injection vulnerability in the DRED virtual campus platform. This vulnerability allows an attacker to retrieve, create, update, and delete data from the database by sending a POST request using the ‘buscame’ parameter in ‘/catalogo_c/catalogo.php’.

More information : https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-virtual-campus-platform-diseno-de-recursos-educativos

Similar

Tags: Cybersecurity Alert