CVE-2023-39650

Name of the Vulnerable Software and Affected Versions Theme Volty CMS Blog versions up to v4.0.1

Description The issue is a SQL injection vulnerability that can be exploited via the id parameter at the "/tvcmsblog/single" API endpoint. This vulnerability allows attackers to inject malicious SQL code, potentially leading to unauthorized access or modification of sensitive data.

Recommendations For Theme Volty CMS Blog versions up to v4.0.1, as a temporary workaround, consider restricting access to the "/tvcmsblog/single" API endpoint until a patch is available. Avoid using the id parameter in this endpoint to minimize the risk of exploitation. Update to a version later than v4.0.1 when available.