A vulnerability labeled as critical has been found in Disenno de Recursos Educativos Virtual Campus Platform. The affected element is an unknown function of the file /catalogo_c/catalogo.php of the component POST Request Handler. Such manipulation of the argument buscame leads to sql injection.
This vulnerability is documented as CVE-2025-41009. The attack can be executed remotely. There is not any exploit available.
