Vulnerability
SQL injection attacks are injection attacks in which SQL commands are inserted into data-plane input to influence the execution of predetermined SQL commands.Remote SQL injection vulnerability has been discovered in eTouch v2. A successful SQL injection exploit can read sensitive data from the database, modify database data , perform database administration operations, recover the content of a given file on the DBMS file system, and in some cases, issue commands to the operating system.
Mitigation / Precaution
In order to patch this vulnerability, please install the official patch eTouch made available for supported, vulnerable instances.
Written by
Summarize:
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 14 days
