Mpedraza2020

**Name of the Vulnerable Software and Affected Versions** mpedraza2020 Intranet del Monterroso versions up to 4.50.0 **Description** A critical issue was found in the file config/cargos.php, where the manipulation of the `dni profe` argument leads to sql injection. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** For versions up to 4.50.0, upgrade to version 4.51.0 to address this issue. As a temporary workaround, consider restricting access to the vulnerable file config/cargos.php until the upgrade is applied. Avoid using the `dni profe` argument in the affected component until the issue is resolved.