Yot CMS is affected by a high-severity SQL injection vulnerability that could result in unauthorized database access and compromise of stored data.

The application fails to properly sanitize user-supplied input, leading to SQL injection. This allows attackers to manipulate backend database queries, potentially leading to unauthorized data disclosure or modification.

The CVSS score of 8.2 highlights the significant risk posed by this vulnerability. A successful attack could lead to the total compromise of the CMS database, potentially exposing all content, user credentials, and administrative settings.

Immediate Action: Update Yot CMS to the latest version provided by the vendor to resolve the injection flaw.

Proactive Monitoring: Audit application logs for unusual activity or signs of database enumeration attempts.

Compensating Controls: Implement WAF rules to detect and block SQL injection payloads directed at the application.

Public Exploit Available: false

Security teams must ensure that the CMS is updated immediately. Given the severity of SQL injection vulnerabilities, this should be treated as a priority task to maintain the confidentiality and integrity of the application.