Name of the Vulnerable Software and Affected Versions:

Portabilis i-Educar versions up to 2.10

Description:

A security issue has been identified in Portabilis i-Educar. Manipulation of the `ref cod aluno` argument in the `educar historico escolar lst.php` file can lead to SQL injection. This issue can be exploited remotely. The exploit has been publicly disclosed.

Recommendations:

Versions prior to 2.10 should be updated. As a temporary workaround, restrict access to the `educar historico escolar lst.php` file to minimize the risk of exploitation. Avoid using the `ref cod aluno` parameter in the affected file until the issue is resolved.