CVE-2025-41009

Publication date

2025-10-27 11:35:35

Family

INCIBE

State

PUBLISHED

Description

SQL injection vulnerability in the DRED virtual campus platform. This vulnerability allows an attacker to retrieve, create, update, and delete data from the database by sending a POST request using the ‘buscame’ parameter in ‘/catalogo_c/catalogo.php’.