CVE-2023-3686

Name of the Vulnerable Software and Affected Versions Bylancer QuickAI OpenAI version 3.8.1

Description A critical issue affects the GET Parameter Handler component, specifically the file /blog, where manipulation of the s argument leads to sql injection. This issue can be initiated remotely. The vendor was contacted about this disclosure but did not respond.

Recommendations For version 3.8.1, consider disabling the s argument in the GET Parameter Handler to minimize the risk of sql injection until a patch is available. Restrict access to the /blog file to reduce the attack surface.