CVE-2023-3690

Severity CVSS v4.0:
Pending analysis
Type:
CWE-89 SQL Injection
Publication date:
16/07/2023
Last modified:
17/05/2024

Description

A vulnerability, which was classified as critical, has been found in Bylancer QuickOrder 6.3.7. Affected by this issue is some unknown functionality of the file /blog of the component GET Parameter Handler. The manipulation of the argument s leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-234236. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:bylancer:quickorder:6.3.7:*:*:*:*:*:*:*


References to Advisories, Solutions, and Tools