CVE-2025-9608

Name of the Vulnerable Software and Affected Versions Portabilis i-Educar versions up to 2.10

Description A vulnerability exists in Portabilis i-Educar up to version 2.10, specifically within the /module/FormulaMedia/view file of the Formula de Cálculo de Média Page component. Manipulation of the ID argument can lead to SQL injection. Remote exploitation is possible, and the exploit has been publicly disclosed.

Recommendations Versions prior to 2.10 should be updated. As a temporary workaround, restrict access to the /module/FormulaMedia/view file to minimize the risk of exploitation. Sanitize the ID parameter before using it in any database queries.