Portabilis i-Diario SQL Injection Vulnerability in User Types Management Page
Vulnerability
A SQL injection vulnerability has been identified in the Portabilis i-Diario application, affecting versions through 2.10. The issue arises in the 'nm_tipo' parameter of the 'educar_tipo_usuario_lst.php' endpoint within the 'Tipos de usuário Page' component. This vulnerability allows remote attackers to inject malicious SQL payloads, which are executed by the application's database. Exploitation of this flaw could lead to unauthorized data access, database enumeration, data manipulation, and a denial-of-service condition through time-based SQL injection techniques.
Impact
Exploitation of this vulnerability allows for blind, time-based SQL injection: because the input is not properly sanitized, an attacker can have arbitrary SQL commands executed. This could be used to extract, modify, or delete database information, and potentially disrupt the application's availability by causing delays in server response times.
Reproduction
To reproduce this vulnerability, log into the application and navigate to 'Configurations > Permissions > User Types'. Once there, send a GET request to the 'intranet/educar_tipo_usuario_lst.php' endpoint with a crafted 'nm_tipo' parameter that includes a SQL injection payload. The request should also include a valid session cookie to authenticate the user.
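From the defender's side, requests of the kind described above can be looked for in web-server access logs. The following is an added example, not code from the advisory or from the Portabilis project: it flags requests to the endpoint whose 'nm_tipo' value carries SQL syntax or whose response was unusually slow (the signature of a time-based technique). The log layout (combined format with the request time appended), the 3-second threshold, and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "intranet/educar_tipo_usuario_lst.php"  # endpoint named in the advisory
PARAM = "nm_tipo"                                  # parameter named in the advisory
SLOW_SECONDS = 3.0  # assumed threshold; tune to this page's normal latency

# SQL syntax that a user-type name filter should never contain.
SQL_SYNTAX = re.compile(
    r"[';]|--|/\*|\b(?:select|union|sleep|pg_sleep|waitfor|benchmark)\b", re.I)

# Assumed log layout: combined log format with the request time as last field.
LINE = re.compile(
    r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" \d{3} .* '
    r'(?P<secs>\d+\.\d+)$')


def inspect(line):
    """Return the reasons a log line looks like probing of nm_tipo."""
    m = LINE.match(line)
    if not m:
        return []
    url = urlsplit(m["target"])
    # parse_qs URL-decodes the value, so encoded quotes are seen as quotes.
    values = parse_qs(url.query, keep_blank_values=True).get(PARAM)
    if not url.path.endswith(ENDPOINT) or values is None:
        return []
    reasons = []
    if any(SQL_SYNTAX.search(v) for v in values):
        reasons.append("sql-syntax")
    if float(m["secs"]) >= SLOW_SECONDS:
        reasons.append("slow-response")
    return reasons


def findings(lines):
    """Map 1-based line numbers to reasons, skipping clean lines."""
    return {n: r for n, line in enumerate(lines, 1) if (r := inspect(line))}


# Constructed sample log lines (documentation IP ranges, invented timings).
SAMPLE_LOG = [
    '198.51.100.10 - - [01/Jan/2025:10:00:00 +0000] "GET /intranet/educar_tipo_usuario_lst.php?nm_tipo=Professor HTTP/1.1" 200 5120 "-" "Mozilla/5.0" 0.084',
    '203.0.113.7 - - [01/Jan/2025:10:00:05 +0000] "GET /intranet/educar_tipo_usuario_lst.php?nm_tipo=test%27-- HTTP/1.1" 200 5120 "-" "Mozilla/5.0" 5.204',
    '203.0.113.7 - - [01/Jan/2025:10:00:12 +0000] "GET /intranet/educar_tipo_usuario_lst.php?nm_tipo=Admin HTTP/1.1" 200 5120 "-" "Mozilla/5.0" 6.010',
    '198.51.100.10 - - [01/Jan/2025:10:00:20 +0000] "GET /intranet/index.php HTTP/1.1" 200 900 "-" "Mozilla/5.0" 7.500',
]

if __name__ == "__main__":
    for n, reasons in findings(SAMPLE_LOG).items():
        print(n, reasons)
```

A slow response on its own is only a weak signal; repeated slow requests to this endpoint from one client, or a slow request that also carries SQL syntax, deserve a closer look.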
