Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An SQL injection vulnerability exists in Stock-Forecaster <=01-04-2020. By sending a specially crafted 'stock-symbol' parameter to the portofolio() endpoint, it is possible to trigger an SQL injection in the application. As a result, the attacker will be able the user data or manipulate the software behavior.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Stock-Forecaster SQL注入漏洞
Vulnerability Description
Stock-Forecaster是一个基于人工智能的股票预测工具,旨在帮助投资者和交易者做出更明智的决策。 Stock-Forecaster 01-04-2020版本存在SQL注入漏洞,该漏洞源于portofolio接口的stock-symbol参数未过滤输入,导致SQL注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A