ETS Soft ybc_blog before v4.4.0 exists to contain a SQL injection vulnerability via the component Ybc_blogBlogModuleFrontController::getPosts().
prestahero ybc blog