First published: Wed Nov 15 2023(Updated: )
ETS Soft ybc_blog before v4.4.0 was discovered to contain a SQL injection vulnerability via the component Ybc_blogBlogModuleFrontController::getPosts().
|Affected Software||Affected Version||How to fix|
|Prestahero Ybc Blog||<4.4.0|
The vulnerability ID is CVE-2023-43979.
The severity of CVE-2023-43979 is critical (9.8).
The SQL injection vulnerability in ETS Soft ybc_blog before v4.4.0 can be exploited through the component Ybc_blogBlogModuleFrontController::getPosts().
Prestahero Ybc Blog versions up to (but not including) 4.4.0 are affected.
Yes, updating to version 4.4.0 or higher of ETS Soft ybc_blog will fix the vulnerability.