Portabilis i-Educar SQL Injection Vulnerability in educar_historico_escolar_lst.php

Vulnerability

A SQL injection vulnerability has been identified in the Portabilis i-Educar application, affecting versions up to 2.10. The vulnerability resides in the educar_historico_escolar_lst.php file, specifically within the ref_cod_aluno parameter. This flaw allows remote attackers to inject malicious SQL payloads, which are executed by the application's database. The lack of proper input validation and sanitization in the ref_cod_aluno parameter enables this exploitation.

Impact

Exploitation of this vulnerability allows for unauthorized execution of SQL commands, leading to potential database compromise. This could include unauthorized data access, database enumeration, data manipulation, and causing a denial-of-service condition through time-based injection. Additionally, depending on the database configuration, there could be risks of privilege escalation or remote code execution.

Reproduction

The vulnerability can be reproduced by sending a GET request to the educar_historico_escolar_lst.php endpoint with a crafted ref_cod_aluno parameter. The injected SQL payload can be designed to introduce a time delay in the server response, confirming the successful execution of the SQL injection.
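As an added example, not part of this advisory or of the i-Educar code base, the following Python detector scans web-server access logs for requests to the affected script whose ref_cod_aluno value is not a plain integer. It assumes that ref_cod_aluno normally carries a numeric student id (an assumption, not stated by the advisory) and runs over constructed Common Log Format lines.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Common Log Format request line: source, timestamp, method, target, status.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
AFFECTED_SCRIPT = "educar_historico_escolar_lst.php"   # from the advisory
PARAM = "ref_cod_aluno"                                # from the advisory
INT_RE = re.compile(r"^[0-9]+$")  # assumption: the parameter is a numeric student id

# Constructed sample log lines (not from any real deployment); the directory
# prefix is omitted because the advisory only names the script.
SAMPLE_LOG = """\
10.0.0.5 - - [05/Sep/2025:15:24:01 +0000] "GET /educar_historico_escolar_lst.php?ref_cod_aluno=1042 HTTP/1.1" 200 5120
10.0.0.7 - - [05/Sep/2025:15:24:09 +0000] "GET /educar_historico_escolar_lst.php?ref_cod_aluno=1042%27%20OR%201%3D1 HTTP/1.1" 200 5120
10.0.0.9 - - [05/Sep/2025:15:24:15 +0000] "GET /educar_historico_escolar_lst.php HTTP/1.1" 200 3200
10.0.0.9 - - [05/Sep/2025:15:24:20 +0000] "GET /educar_outra_pagina.php?ref_cod_aluno=abc HTTP/1.1" 200 100
"""


def parse_line(line):
    """Return the named fields of one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def suspicious_values(line):
    """Return the ref_cod_aluno values of this request that are not plain integers.

    Returns an empty list when the line is malformed, targets another script,
    or does not carry the parameter at all.
    """
    rec = parse_line(line)
    if rec is None:
        return []
    url = urlsplit(rec["target"])
    if url.path.rsplit("/", 1)[-1] != AFFECTED_SCRIPT:
        return []
    # parse_qs percent-decodes, so %27 / %20 are inspected as the quote and
    # space the database would see; repeated parameters yield several values.
    values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
    return [v for v in values if not INT_RE.match(v)]


def scan(log_text):
    """Return (source, timestamp, offending values) for every flagged request."""
    hits = []
    for line in log_text.splitlines():
        bad = suspicious_values(line)
        if bad:
            rec = parse_line(line)
            hits.append((rec["src"], rec["ts"], bad))
    return hits


if __name__ == "__main__":
    for src, ts, bad in scan(SAMPLE_LOG):
        print(f"{ts} {src} non-integer {PARAM}: {bad}")
```

An allowlist check on the expected type is more durable than matching payload keywords, and the same integer check is what the application itself should enforce before the value reaches a query.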

Added: Sep 5, 2025, 3:24 PM
Updated: Sep 5, 2025, 8:36 PM

Vulnerability Rating

Custom Algorithm

spread: 1.9
impact: 7.5
exploitability: 6.6
remediation: 0.0
relevance: 0.5
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.