CVE-2025-10846 CVE-2025-10846

CVE-2025-10846

Introduction

While exploring i-Educar, I identified a serious Boolean-Based SQL Injection flaw in the id parameter of the /module/ComponenteCurricular/edit endpoint.

With the help of the tool sqlmap, it was possible to exploit the flaw and extract information directly from the database.


What is CVE-2025-10846?

The CVE-2025-10846 describes a SQL Injection flaw in the /module/ComponenteCurricular/edit endpoint, where the id parameter is not properly validated.

Using Boolean techniques, it was possible to infer the database structure, access confidential data, and explore the backend without generating errors visible to the user.


Technical Details

» Vulnerable Endpoint: /module/ComponenteCurricular/edit

» Affected Parameter: id


Proof of Concept (PoC)

To demonstrate the vulnerability, the following command was used:

Terminal window
sqlmap -u "http://localhost:8086/module/ComponenteCurricular/edit?id=8" --cookie="i_educar_session=bnTu3HZ4Jk5a0JxRERNMd03ZAr1TUGvXZTDs9DdE" --batch --dbs --dbms=postgresql

The sqlmap will automatically test the id parameter, and after a few minutes it will begin revealing the available databases, confirming the injection:

With the injection confirmed, it was also possible to list tables and columns with additional sqlmap commands, highlighting the potential for data exfiltration:

You can access the full technical report with all step-by-step evidence here:

CVE-2025-10846 Report


Impact

This SQL Injection vulnerability can be exploited to:

  • Access sensitive data stored in the database;
  • Enumerate database schemas, tables, and columns;
  • Modify, delete, or insert arbitrary records;
  • Steal user credentials and personal information;
  • Perform a denial of service (DoS) attack by triggering long query delays;
  • In some cases, escalate to Remote Code Execution (RCE).

Official Sources

This vulnerability was reported responsibly and is publicly registered as:


Credits

Discovered with💜 by Karina Gante.

LinkedInGitHubGmailInstagram

Official Member of CVE-Hunters🏹


← Back to blog