Name of the Vulnerable Software and Affected Versions:

Portabilis i-Educar versions up to 2.10

Description:

A security flaw has been discovered in Portabilis i-Educar. The issue affects processing of the file `/module/AreaConhecimento/edit` of the Listagem de áreas de conhecimento Page component. Manipulation of the `ID` argument results in SQL injection. The attack is possible to be carried out remotely. The exploit has been released to the public.

Recommendations:

At the moment, there is no information about a newer version that contains a fix for this vulnerability.