2025-02-10 00:00:00
mitre
PUBLISHED
An SQL injection vulnerability exists in Stock-Forecaster <=01-04-2020. By sending a specially crafted stock-symbol parameter to the portofolio() endpoint, it is possible to trigger an SQL injection in the application. As a result, the attacker will be able the user data or manipulate the software behavior.