Skip to main content

Ectouch

2 CVEs product

Monthly

CVE-2023-39560 CRITICAL POC Act Now

ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr['id'] parameter at \default\helpers\insert.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Ectouch
NVD GitHub
CVSS 3.1
9.8
EPSS
4.1%
CVE-2022-25098 PHP CRITICAL Act Now

ECTouch v2 suffers from arbitrary file deletion due to insufficient filtering of the filename parameter. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ectouch
NVD GitHub
CVSS 3.1
9.1
EPSS
1.0%
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr['id'] parameter at \default\helpers\insert.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Ectouch
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL Act Now

ECTouch v2 suffers from arbitrary file deletion due to insufficient filtering of the filename parameter. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ectouch
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy