CVE-2025-10012
BaseFortify
Publication date: 2025-09-05
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| portabilis | i-educar | to 2.10.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-10012 is a Blind Time-Based SQL Injection vulnerability in the 'ref_cod_aluno' parameter of the 'educar_historico_escolar_lst.php' endpoint in Portabilis i-Educar up to version 2.10. This vulnerability allows an attacker to inject malicious SQL code remotely by manipulating the input parameter, causing the backend database to execute unauthorized queries. The blind time-based nature means the attacker infers information by observing response delays rather than direct output, enabling unauthorized data access and manipulation. [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized access to sensitive data such as credentials and personal information, database enumeration (retrieving schema, tables, and columns), data manipulation including inserting, updating, or deleting records, denial of service through induced time delays, and potentially privilege escalation or remote code execution depending on the database configuration. Ultimately, it can result in full compromise of the database and exposure of sensitive application and user data. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the ref_cod_aluno parameter of the educar_historico_escolar_lst.php endpoint for blind time-based SQL injection. A common method is to append a payload that causes a delay in the server response, such as: ref_cod_aluno=1 AND 6986=(SELECT 6986 FROM PG_SLEEP(5)). If the server response is delayed by approximately 5 seconds, it indicates the presence of the vulnerability. Additionally, attackers may use Google dorking with the query inurl:educar_historico_escolar_lst.php to identify potentially vulnerable targets. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of the vulnerable component or replacing it with an alternative product, as no known mitigations or countermeasures have been reported. Additionally, restricting access to the vulnerable endpoint, applying input validation and sanitization on the ref_cod_aluno parameter, and monitoring for suspicious activity can help reduce risk until a patch or fix is available. [3]