Name of the Vulnerable Software and Affected Versions:

Portabilis i-Educar versions up to 2.10

Description:

A vulnerability exists in Portabilis i-Educar up to version 2.10, specifically within the `/module/AreaConhecimento/view` file of the Listagem de áreas de conhecimento Page component. Manipulation of the `ID` argument can lead to a SQL injection. The attack can be executed remotely. The exploit is publicly available.

Recommendations:

Versions prior to 2.10 should be updated.

As a temporary workaround, restrict access to the `/module/AreaConhecimento/view` file.

Avoid using the `ID` parameter in the affected component until the issue is resolved.