PT-2025-35175 · Portabilis · I-Educar
Marceloqz · Published 2025-08-29 · Updated 2025-08-29 · CVE-2025-9606
6.5 Medium
Base vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions:
Portabilis i-Educar versions prior to 2.11
Description:
A SQL injection issue exists in an unknown functionality of the file `/intranet/agenda preferencias.php`. Manipulation of the `cod agenda` argument can trigger the issue. The attack can be initiated remotely, and the exploit is publicly available.
Recommendations:
Update to version 2.11 or later.
As a temporary workaround, restrict access to the `/intranet/agenda preferencias.php` file.
Sanitize the `cod agenda` argument to prevent SQL injection.
Special Elements Injection
SQL injection