CVE-2023-39639

Name of the Vulnerable Software and Affected Versions LeoTheme leoblog versions up to 3.1.2

Description The issue is related to a SQL injection vulnerability. It affects the component LeoBlogBlog::getListBlogs(). There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations For versions up to 3.1.2, consider disabling the getListBlogs() function in the LeoBlogBlog component as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.