Описание
An SQL injection vulnerability exists in Stock-Forecaster <=01-04-2020. By sending a specially crafted 'stock-symbol' parameter to the portofolio() endpoint, it is possible to trigger an SQL injection in the application. As a result, the attacker will be able the user data or manipulate the software behavior.
EPSS
Процентиль: 8%
0.00029
Низкий
5.9 Medium
CVSS3
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 5.9
github
12 месяцев назад
An SQL injection vulnerability exists in Stock-Forecaster <=01-04-2020. By sending a specially crafted 'stock-symbol' parameter to the portofolio() endpoint, it is possible to trigger an SQL injection in the application. As a result, the attacker will be able the user data or manipulate the software behavior.
EPSS
Процентиль: 8%
0.00029
Низкий
5.9 Medium
CVSS3
Дефекты
CWE-89