Security Advisory

CVE-2025-41009

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-10-27 11:35:35

Last updated 2025-10-27 13:17:02

Assigner INCIBE

State PUBLISHED

Description

SQL injection vulnerability in the DRED virtual campus platform. This vulnerability allows an attacker to retrieve, create, update, and delete data from the database by sending a POST request using the ‘buscame’ parameter in ‘/catalogo_c/catalogo.php’.

← Browse all CVEs View on cve.org ↗