M3M0O

**Name of the Vulnerable Software and Affected Versions** Portabilis i-Educar versions up to 2.9.10 **Description** A security issue exists in Portabilis i-Educar. The problem relates to insecure inherited permissions within the User Type Handler component, specifically in the file `app/Http/Controllers/AccessLevelController.php`. This manipulation can be initiated remotely. The details of the exploit have been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Engeman Web versions through 12.0.0.1 **Description** A critical vulnerability exists in Engeman Web. The issue affects an unknown function within the `/Login/RecoveryPass` file of the Password Recovery Page component. Manipulation of the `LanguageCombobox` argument, as part of a Cookie, leads to a SQL injection. The attack can be launched remotely, and the exploit has been publicly disclosed. The vendor was contacted regarding this disclosure but did not respond. **Recommendations** Engeman Web versions prior to 12.0.0.1: At the moment, there is no information about a newer version that contains a fix for this vulnerability.