CVE-2023-39650

An unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to the `/tvcmsblog/single` endpoint. The vulnerability lies in the handling of the `id` parameter, which is directly incorporated into a SQL query without proper sanitization. By manipulating this parameter, an attacker can inject malicious SQL code to manipulate the database [ref_id=1]. The attack can be concealed within standard HTTP requests, making detection difficult without specific logging configurations [ref_id=1].

The vulnerability exists within the `TvcmsBlogSingleModuleFrontController::run()` method in the `tvcmsblog/controllers/front/single.php` file. Specifically, the code responsible for retrieving and processing IP address information from HTTP headers is susceptible to injection.

The patch, applied in version 4.0.2, addresses the SQL injection vulnerability by improving the sanitization of IP address retrieval. The original code directly used potentially untrusted HTTP headers like `CLIENT_IP` and `X_FORWARDED_FOR` in sensitive SQL operations. The updated code ensures that these values are handled more securely, preventing them from being used in a way that could lead to SQL injection [ref_id=1].