8/27/2025/4 minutes to read/Tags: CVEs, SQLi, i-Educar
Introduction
While exploring i-Educar, I uncovered a critical time-based blind SQL Injection vulnerability in the cod_agenda parameter of the /intranet/agenda.php endpoint.
This flaw allows attackers to execute arbitrary SQL queries silently against the backend database, putting data confidentiality, integrity, and availability at risk.
What is CVE-2025-9531?
The CVE-2025-9531 is a SQL Injection vulnerability in the /intranet/agenda.php endpoint of the i-Educar application.
The vulnerable parameter is cod_agenda, which lacks proper input validation. This makes it possible to inject custom SQL queries, including PG_SLEEP() functions that introduce time delays, confirming the flaw via time-based behavior.
Technical Details
» Vulnerable Endpoint:/intranet/agenda.php
» Affected Parameter:cod_agenda
» Payload Used (Decoded):
' AND 4698=(SELECT 4698 FROM PG_SLEEP(5)) AND 'xiCO'='xiCO
Proof of Concept (PoC)
To reproduce the vulnerability:
» Access the vulnerable endpoint and click on:“Novo Compromisso”;
» Fill in the required fields and click on:“Save”;