CVE-2009-3148

Name of the Vulnerable Software and Affected Versions: PortalXP Teacher Edition version 1.2

Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the id parameter to API endpoints such as "calendar.php", "news.php", and "links.php", and the assignment id parameter to "assignments.php".

Recommendations: For PortalXP Teacher Edition version 1.2, consider restricting access to the "calendar.php", "news.php", "links.php", and "assignments.php" API endpoints until a patch is available. Avoid using the id and assignment id parameters in these endpoints to minimize the risk of exploitation.