CVE-2025-10846
📋 TL;DR
This SQL injection vulnerability in Portabilis i-Educar allows attackers to manipulate database queries through the /module/ComponenteCurricular/edit endpoint. Attackers can potentially read, modify, or delete sensitive data in the database. All users running i-Educar versions up to 2.10 are affected.
💻 Affected Systems
- Portabilis i-Educar
📦 What is this software?
i-Educar by Portabilis
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including sensitive student/administrator data exposure, data manipulation, or potential remote code execution through database functions.
Likely Case
Unauthorized data access and extraction of sensitive information from the i-Educar database.
If Mitigated
Limited impact with proper input validation and database permissions restricting damage to non-critical data.
🎯 Exploit Status
Proof of concept is publicly available, making exploitation straightforward for attackers with basic SQL injection knowledge.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 2.11 or later
Vendor Advisory: https://github.com/portabilis/i-educar/releases
Restart Required: No
Instructions:
1. Back up your i-Educar installation and database.
2. Update to i-Educar version 2.11 or later.
3. Verify that the /module/ComponenteCurricular/edit endpoint now properly validates the ID parameter.
🔧 Temporary Workarounds
Input Validation Filter
Implement server-side input validation to sanitize the ID parameter before processing.
Implement parameterized queries or prepared statements for all database operations involving the ID parameter.
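The two workaround items above (validate the ID server-side, then bind it with a parameterized query) are shown here side by side with the unsafe pattern they replace. This is an added illustration using Python's sqlite3 module, not i-Educar's own code: the table name, columns and rows are constructed, and the endpoint's real query is not on this page.

```python
import sqlite3


def make_db():
    """Constructed in-memory table standing in for a curricular-component record."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE componente (id INTEGER PRIMARY KEY, nome TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO componente VALUES (?, ?, ?)",
        [(1, "Matematica", "s1"), (2, "Historia", "s2")],
    )
    conn.commit()
    return conn


def edit_vulnerable(conn, raw_id):
    """Unsafe pattern: the request parameter is concatenated into the SQL text,
    so quote characters and keywords in it are parsed as SQL."""
    sql = "SELECT id, nome FROM componente WHERE id = '" + raw_id + "'"
    return conn.execute(sql).fetchall()


def validate_id(raw_id):
    """Server-side validation: an ID is a positive integer and nothing else.
    Anything containing quotes, spaces or keywords is rejected before any query runs."""
    if not isinstance(raw_id, str) or not raw_id.isdigit():
        raise ValueError("invalid ID parameter")
    return int(raw_id)


def edit_hardened(conn, raw_id):
    """Validated ID bound as a query parameter: the driver passes it as a value,
    never as part of the statement, so it cannot change the query's shape."""
    cid = validate_id(raw_id)
    return conn.execute("SELECT id, nome FROM componente WHERE id = ?", (cid,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    payload = "1' OR '1'='1"  # the test value quoted in the verification section
    print("vulnerable:", edit_vulnerable(db, payload))  # returns every row
    try:
        edit_hardened(db, payload)
    except ValueError as e:
        print("hardened:", e)  # rejected before reaching the database
    print("hardened, valid id:", edit_hardened(db, "1"))
```

Validation and binding are separate defences: the integer check stops malformed IDs at the edge, and the bound parameter makes the query safe even if validation is bypassed or forgotten elsewhere.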
Web Application Firewall
Deploy WAF rules to block SQL injection patterns targeting the vulnerable endpoint.
Configure the WAF to block requests containing SQL keywords like UNION, SELECT, INSERT, UPDATE, DELETE when sent to /module/ComponenteCurricular/edit.
🧯 If You Can't Patch
- Restrict network access to the i-Educar application to trusted IP addresses only
- Implement database user privilege restrictions to limit potential damage from SQL injection
🔍 How to Verify
Check if Vulnerable:
Test the /module/ComponenteCurricular/edit endpoint with SQL injection payloads in the ID parameter (e.g., ID=1' OR '1'='1).
Check Version:
Check the i-Educar version in the administration panel or review the application's version files.
Verify Fix Applied:
Attempt SQL injection tests against the patched endpoint and verify they are blocked or properly handled.
📡 Detection & Monitoring
Log Indicators:
- Unusual database query patterns
- Multiple failed login attempts followed by SQL error messages
- Requests to /module/ComponenteCurricular/edit with SQL keywords in parameters
Network Indicators:
- Unusual traffic patterns to the vulnerable endpoint
- SQL error messages in HTTP responses
SIEM Query:
source="web_logs" AND uri_path="/module/ComponenteCurricular/edit" AND (param_ID CONTAINS "'" OR param_ID CONTAINS "UNION" OR param_ID CONTAINS "SELECT")
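For environments without a SIEM, the same logic as the query above can be run over raw web server access logs. The script below is an added example, not part of the advisory or the i-Educar project: it parses combined-format access log lines, URL-decodes the ID parameter of requests to /module/ComponenteCurricular/edit, and flags values containing a quote or the UNION/SELECT keywords. The log lines are constructed samples, and the parameter is assumed to be sent as a GET query parameter named id.

```python
import re
from urllib.parse import parse_qs, urlsplit

TARGET_PATH = "/module/ComponenteCurricular/edit"

# Mirrors the SIEM query: a quote, or the UNION / SELECT keywords, in the ID value.
SUSPICIOUS = re.compile(r"'|\bUNION\b|\bSELECT\b", re.IGNORECASE)

# Combined/common access log format: client, identd, user, timestamp, request, status, size.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+$'
)

# Constructed sample traffic (not real logs): one benign request, two injection
# attempts against the vulnerable endpoint, one quote sent to an unrelated path.
SAMPLE_LOGS = """\
10.0.0.5 - - [01/Oct/2025:10:00:01 +0000] "GET /module/ComponenteCurricular/edit?id=12 HTTP/1.1" 200 512
10.0.0.9 - - [01/Oct/2025:10:00:07 +0000] "GET /module/ComponenteCurricular/edit?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 500 88
10.0.0.9 - - [01/Oct/2025:10:00:09 +0000] "GET /module/ComponenteCurricular/edit?id=1%20UNION%20SELECT%201,2,3 HTTP/1.1" 200 2048
10.0.0.7 - - [01/Oct/2025:10:00:12 +0000] "GET /other/page?id=1%27 HTTP/1.1" 200 100
"""


def parse_line(line):
    """Split one access log line into fields, or return None if it does not parse."""
    m = LOG_LINE.match(line)
    return m.groupdict() if m else None


def check_request(fields):
    """Return a finding dict for a suspicious request to the vulnerable endpoint, else None."""
    url = urlsplit(fields["target"])
    if url.path != TARGET_PATH:
        return None
    # parse_qs URL-decodes values, so encoded quotes (%27) are inspected in decoded form.
    params = parse_qs(url.query)
    values = params.get("id", []) + params.get("ID", [])
    for value in values:
        if SUSPICIOUS.search(value):
            return {"ip": fields["ip"], "ts": fields["ts"],
                    "status": fields["status"], "id": value}
    return None


def scan(lines):
    """Run the check over an iterable of log lines and collect findings."""
    findings = []
    for line in lines:
        fields = parse_line(line.rstrip("\n"))
        if fields is None:
            continue
        finding = check_request(fields)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOGS.splitlines()):
        print(f"{f['ts']} {f['ip']} status={f['status']} id={f['id']!r}")
```

Only GET parameters appear in access logs; if the endpoint is called with a POST form body, this check needs the application or WAF log that records request bodies. Matching on keywords alone also produces false positives on legitimate values, so the 500 status on the first hit (a likely SQL error, one of the network indicators above) is the stronger signal to alert on.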