| Title | Portabilis i-Educar 2.10 SQL Injection |
|---|---|
| Description | SQL Injection (Boolean-Based) Vulnerability in id Parameter on module/ComponenteCurricular/edit Endpoint (full text below) |
| Source | https://github.com/KarinaGante/KG-Sec/blob/main/CVEs/i-Educar/27.md |
| User | karinagante (UID 88113) |
| Submission | 18.09.2025 01:56 (9 months ago) |
| Moderation | 22.09.2025 07:35 (4 days later) |
| Status | Accepted |
| VulDB Entry | 325208 [Portabilis i-Educar up to 2.10 edit ID SQL Injection] |
| Points | 20 |

Description (full text):

Summary

A SQL Injection vulnerability was identified in the /module/ComponenteCurricular/edit endpoint of the i-Educar application, specifically in the id parameter. This vulnerability allows attackers to execute arbitrary SQL commands on the backend database, potentially compromising the confidentiality, integrity, and availability of application data.

Details

Vulnerable Endpoint: /module/ComponenteCurricular/edit
Parameter: id

The application fails to properly validate and sanitize user input in the id parameter. As a result, attackers can inject crafted SQL payloads that are executed directly by the database. This could allow database enumeration, data exfiltration, modification, or denial of service via time-based delays.

PoC

Step by step:

Install the sqlmap tool and run the command below:

Payload:

sqlmap -u "http://localhost:8086/module/ComponenteCurricular/edit?id=8" --cookie="i_educar_session=bnTu3HZ4Jk5a0JxRERNMd03ZAr1TUGvXZTDs9DdE" --batch --dbs --dbms=postgresql

sqlmap tests a range of SQL injection techniques against the id parameter until it finds a boolean-based blind injection:

image 1: https://github.com/KarinaGante/KG-Sec/raw/main/CVEs/images/SQLi18.png

Shortly after, sqlmap enumerates the available databases, confirming the SQL injection:

image 2: https://github.com/KarinaGante/KG-Sec/raw/main/CVEs/images/SQLi19.png

Impact

Unauthorized data access: reading sensitive information such as credentials, personal data, or configuration details.
Database enumeration: extracting database schema, tables, and column details.
Data manipulation: adding, modifying, or deleting database records.
Denial of Service (DoS): using time-based queries to impact system availability.
Potential escalation to RCE: if combined with other vulnerabilities and specific database features.

Finder

Discovered by Karina Gante.
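The boolean-based blind pattern the description refers to, as an added example that is not i-Educar's own code: a hypothetical lookup that concatenates the id parameter into the query, beside a hardened version that validates the id as an integer and binds it as a parameter. The table, its rows and the probe strings are constructed for the demonstration, and an in-memory SQLite database stands in for the PostgreSQL backend the advisory names.

```python
import sqlite3


def build_db():
    # Constructed in-memory stand-in for the curricular component table
    # (hypothetical schema, not i-Educar's own; SQLite instead of PostgreSQL).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE componente_curricular (id INTEGER PRIMARY KEY, nome TEXT)")
    conn.executemany("INSERT INTO componente_curricular VALUES (?, ?)",
                     [(8, "Matematica"), (9, "Historia")])
    return conn


def lookup_vulnerable(conn, raw_id):
    # The untrusted id is concatenated into the SQL text, so the parameter can
    # alter the WHERE clause. The response then differs between a true and a
    # false appended condition, which is exactly what a boolean-based blind
    # check (as sqlmap reported above) observes.
    sql = "SELECT nome FROM componente_curricular WHERE id = " + raw_id
    return [row[0] for row in conn.execute(sql)]


def lookup_hardened(conn, raw_id):
    # Validate the expected type first, then bind the value as a parameter;
    # the id is only ever compared as an integer, never parsed as SQL.
    if not raw_id.isdigit():
        raise ValueError("id must be a positive integer")
    sql = "SELECT nome FROM componente_curricular WHERE id = ?"
    return [row[0] for row in conn.execute(sql, (int(raw_id),))]


def compare(raw_id):
    # Returns (vulnerable result, hardened result or "rejected") for one input,
    # so the behavioural difference for a given probe is visible side by side.
    conn = build_db()
    vulnerable = lookup_vulnerable(conn, raw_id)
    try:
        hardened = lookup_hardened(conn, raw_id)
    except ValueError:
        hardened = "rejected"
    return vulnerable, hardened


if __name__ == "__main__":
    # A legitimate id, then the two minimal probes a boolean-based check uses.
    for probe in ("8", "8 AND 1=1", "8 AND 1=2"):
        print(repr(probe), "->", compare(probe))
```

The vulnerable lookup answers the two probes differently (one row versus none), which is the signal a blind injection scanner keys on; the hardened lookup rejects both before any query runs and still serves the legitimate id normally.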