5 matches found
ECTouch v2 - SQL Injection
ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr'id' parameter at \default\helpers\insert.php. id: CVE-2023-39560 info: name: ECTouch v2 - SQL Injection author: s4e-io severity: critical description: | ECTouch v2 was discovered to contain a SQL injection vulnerabili...
CVE-2023-39560
creationtimestamp| type| source ---|---|--- 2023-08-28 20:16:46+00:00| seen| https://t.me/cibsecurity/69302...
CVE-2023-39560
ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr'id' parameter at \default\helpers\insert.php...
CVE-2023-39560
ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr'id' parameter at \default\helpers\insert.php...
CVE-2023-39560
ECTouch v2 is affected by a SQL injection flaw in default/helpers/insert.php via the id parameter ($arr['id']). The vulnerability allows unauthenticated attackers to extract database contents (e.g., customer data, orders, payments). Root cause: use of non-parameterized SQL queries. Evidence from ...