Name of the Vulnerable Software and Affected Versions:

Portabilis i-Educar versions up to 2.10

Description:

A SQL injection issue exists in the Agenda Module of Portabilis i-Educar. The issue is located in the `/intranet/agenda.php` file, affecting an unknown function. Manipulation of the `cod agenda` argument can trigger the injection. This can be initiated remotely. The exploit is publicly available.

Recommendations:

Versions prior to 2.10 should be updated.

As a temporary workaround, restrict access to the `/intranet/agenda.php` file.

Avoid using the `cod agenda` argument until the issue is resolved.