Name of the Vulnerable Software and Affected Versions:

Portabilis i-Educar versions up to 2.10

Description:

A vulnerability exists in Portabilis i-Educar up to version 2.10, specifically within the `/module/FormulaMedia/edit` file of the Formula de Cálculo de Média Page component. Manipulation of the `ID` argument can lead to SQL injection. Remote exploitation is possible, and the exploit has been publicly disclosed.

Recommendations:

Versions prior to 2.10 should be updated.

As a temporary workaround, restrict access to the `/module/FormulaMedia/edit` file.

Sanitize the `ID` argument to prevent SQL injection.