The id parameter of the get_script/index.php page is not sanitised when used in a SQL statement, leading to an unauthenticated blind SQL Injection issue. Vendor was contacted by researcher, on March 3rd, 2020 but no reply was received.
The PoC will be displayed once the issue has been remediated