CVE-2023-3689

Name of the Vulnerable Software and Affected Versions Bylancer QuickQR version 6.3.7

Description A critical issue was found in the GET Parameter Handler component of the /blog file, where the manipulation of the s argument leads to sql injection. This issue can be exploited remotely. The vendor was contacted about this disclosure but did not respond.

Recommendations For Bylancer QuickQR version 6.3.7, as a temporary workaround, consider restricting access to the /blog file or disabling the GET Parameter Handler component until a patch is available. Avoid using the s argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.