CVE-2025-2200

SQL injection vulnerability in the IcProgreso Innovación y Cualificación plugin. This vulnerability allows an attacker to obtain, update and delete data from the database by injecting an SQL query on the parameters user, id, idGroup, start_date and end_date in the endpoint /report/icprogreso/generar_blocks.php.

CVSS

No CVSS.

References

Link	Resource
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-moodle-innovacion-y-cualificacion-plugins

Configurations

No configuration.

History

18 Mar 2025, 16:15

Type	Values Removed	Values Added
Summary		(es) Vulnerabilidad de inyección de QL en el complemento IcProgreso Innovación y Cualificación. Esta vulnerabilidad permite a un atacante obtener, actualizar y eliminar datos de la base de datos mediante la inyección de una consulta SQL en los parámetros usuario, idGroup, start_date and end_date del endpoint /report/icprogreso/generar_blocks.php.
Summary	(en) QL injection vulnerability in the IcProgreso Innovación y Cualificación plugin. This vulnerability allows an attacker to obtain, update and delete data from the database by injecting an SQL query on the parameters user, id, idGroup, start_date and end_date in the endpoint /report/icprogreso/generar_blocks.php.	(en) SQL injection vulnerability in the IcProgreso Innovación y Cualificación plugin. This vulnerability allows an attacker to obtain, update and delete data from the database by injecting an SQL query on the parameters user, id, idGroup, start_date and end_date in the endpoint /report/icprogreso/generar_blocks.php.

17 Mar 2025, 11:15

Type	Values Removed	Values Added
Summary	(en) QL injection vulnerability in the IcProgress Innovación y Cualificación plugin. This vulnerability allows an attacker to obtain, update and delete data from the database by injecting an SQL query on the parameters user, id, idGroup, start_date and end_date in the endpoint /report/icprogreso/generar_blocks.php.	(en) QL injection vulnerability in the IcProgreso Innovación y Cualificación plugin. This vulnerability allows an attacker to obtain, update and delete data from the database by injecting an SQL query on the parameters user, id, idGroup, start_date and end_date in the endpoint /report/icprogreso/generar_blocks.php.

17 Mar 2025, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-17 10:15

Updated : 2026-04-15 00:35

NVD link : CVE-2025-2200

Mitre link : CVE-2025-2200

CVE.ORG link : CVE-2025-2200

JSON object : View

Products Affected

No product.

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

JSON object

Attach tags to CVE-2025-2200

Attach tags to `CVE-2025-2200`