CVE-2023-39560

Name of the Vulnerable Software and Affected Versions ECTouch version 2

Description The issue is a SQL injection vulnerability. It occurs via the id parameter at the defaulthelpersinsert.php location. This allows for potential exploitation by injecting malicious SQL code.

Recommendations For ECTouch version 2, as a temporary workaround, consider restricting access to the defaulthelpersinsert.php file until a patch is available. Avoid using the id parameter in the affected location to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.