CVE-2023-39560
published 2023-08-28

CVE-2023-39560: ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr['id'] parameter at \default\helpers\insert.php.

Priority P261 · critical · 9.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 4.11% (89.5th percentile)

Affected (1 range)

Vendor    Product    Version range    Fixed in
ectouch   ectouch    (not listed)     (not listed)

Detection & IOCs (extracted from sources)

path: \default\helpers\insert.php
url: /index.php?m=default&c=user&a=register&u=0
other: 554fcae493e564ee0dc75bdf2ebf94cabought_notes|a:1:{s:2:"id";s:49:"0&&updatexml(1,concat(0x7e,(database()),0x7e),1)#";}
yara (regex): "XPATH syntax error: '~[^~]+~'"
  • The SQL injection payload is delivered via the HTTP Referer header (not a query parameter), using a serialized PHP session cookie value containing the updatexml() error-based SQLi payload targeting the $arr['id'] parameter.
  • Successful exploitation produces an XPATH syntax error response in the HTTP body matching the pattern "XPATH syntax error: '~<dbname>~'", which can be used as a detection signature.
  • The attack targets the ECTouch v2 registration endpoint. Monitor for requests to /index.php?m=default&c=user&a=register with suspicious Referer headers containing serialized PHP data and SQL functions like updatexml/concat.
  • ECTouch v2 instances can be fingerprinted via FOFA using icon_hash="127711143" to identify exposed targets.
  • The vulnerability is unauthenticated (PR:N) with network attack vector and no user interaction required, making it trivially exploitable remotely.
  • EPSS score of ~60.8% (98th percentile) indicates high real-world exploitation probability; prioritize detection and patching accordingly.
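The detection notes above turned into a small log-triage check, as an added example that is not code from ECTouch or from the advisory's sources. It assumes request/response records as dictionaries with url, referer and body fields (hypothetical field names), and uses the register path, the serialized-PHP plus updatexml()/concat() Referer pattern and the XPATH-error regex from this page as its indicators.

```python
import re
from typing import Dict, List

# Indicator patterns from the Detection & IOCs notes. The endpoint match tolerates any
# query-parameter order; the Referer patterns look for PHP-serialized data and the
# error-based SQLi functions; the body pattern is the advisory's YARA regex.
REGISTER_PATH = re.compile(r"/index\.php\?(?=.*\bm=default\b)(?=.*\bc=user\b)(?=.*\ba=register\b)")
SERIALIZED_PHP = re.compile(r'\b[aOs]:\d+:(\{|")')  # e.g. a:1:{s:2:"id";s:49:"..."}
SQLI_FUNCS = re.compile(r"\b(updatexml|extractvalue|concat)\s*\(", re.I)
XPATH_ERROR = re.compile(r"XPATH syntax error: '~[^~]+~'")

def score_event(event: Dict[str, str]) -> List[str]:
    """Return the indicator names that one request/response record matches."""
    hits: List[str] = []
    if REGISTER_PATH.search(event.get("url", "")):
        hits.append("register_endpoint")
    referer = event.get("referer", "")
    if SERIALIZED_PHP.search(referer):
        hits.append("serialized_php_in_referer")
    if SQLI_FUNCS.search(referer):
        hits.append("sqli_function_in_referer")
    if XPATH_ERROR.search(event.get("body", "")):
        hits.append("xpath_error_in_response")
    return hits

def is_suspicious(event: Dict[str, str]) -> bool:
    """Alert when the Referer carries serialized PHP together with a SQL function, or when
    the response leaked an XPATH error. Hitting the register URL alone is not an alert,
    because legitimate registrations use the same endpoint."""
    hits = set(score_event(event))
    injected = {"serialized_php_in_referer", "sqli_function_in_referer"} <= hits
    return injected or "xpath_error_in_response" in hits

# Constructed sample records (hypothetical values, not captured traffic).
SAMPLE_EVENTS = [
    {"url": "/index.php?m=default&c=user&a=register&u=0",
     "referer": "https://shop.example/index.php?m=default&c=user&a=login",
     "body": "<html>register ok</html>"},
    {"url": "/index.php?m=default&c=user&a=register&u=0",
     "referer": 'bought_notes|a:1:{s:2:"id";s:49:"0&&updatexml(1,concat(0x7e,(database()),0x7e),1)#";}',
     "body": "XPATH syntax error: '~ectouch_db~'"},
    {"url": "/index.php?m=default&c=user&a=register&u=0",
     "referer": "",
     "body": "<b>Warning</b>: XPATH syntax error: '~ectouch_db~' in \\default\\helpers\\insert.php"},
]

if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        print(is_suspicious(event), score_event(event))
```

The third record shows why the response-side regex matters on its own: a proxy that strips or rewrites Referer headers still leaves the XPATH error in the body to alert on.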