CVE-2025-10845 CVE-2025-10845

CVE-2025-10845

Introduction

While exploring i-Educar, I uncovered a critical time-based blind SQL Injection vulnerability in the id parameter of the /module/ComponenteCurricular/view endpoint.

This flaw allows attackers to execute arbitrary SQL queries silently against the backend database, putting data confidentiality, integrity, and availability at risk.


What is CVE-2025-10845?

The CVE-2025-10845 is a SQL Injection vulnerability in the /module/ComponenteCurricular/view endpoint of the i-Educar application.

The vulnerable parameter is id, which lacks proper input validation. This makes it possible to inject custom SQL queries, including PG_SLEEP() functions that introduce time delays, confirming the flaw via time-based behavior.


Technical Details

» Vulnerable Endpoint: /module/ComponenteCurricular/view

» Affected Parameter: id

» Payload Used (Decoded):

' AND 6606=(SELECT 6606 FROM PG_SLEEP(5)) AND 'QDaZ'='QDaZ

Proof of Concept (PoC)

To reproduce the vulnerability:

» Access /intranet/educar_componente_curricular_lst.php and choose (click on) any register;

For this example was choosen "Ensino Religioso" register which id=8.

» In the vulnerable endpoint, the payload must be inserted after id number (e.g. “id=8HERE”).

The server will take 5 seconds to respond, confirming that the SQL query was executed successfully:

You can access the full technical report with all step-by-step evidence here:

CVE-2025-10845 Report


Impact

This SQL Injection vulnerability can be exploited to:

  • Access sensitive data stored in the database;
  • Enumerate database schemas, tables, and columns;
  • Modify, delete, or insert arbitrary records;
  • Steal user credentials and personal information;
  • Perform a denial of service (DoS) attack by triggering long query delays;
  • In some cases, escalate to Remote Code Execution (RCE).

Official Sources

This vulnerability was reported responsibly and is publicly registered as:


Credits

Discovered with💜 by Karina Gante.

LinkedInGitHubGmailInstagram

Official Member of CVE-Hunters🏹


← Back to blog