Visegripped

#25645 of 53,633
9.8 Total CVSS
Vulnerabilities · 1
PT-2023-15900
9.8
2023-01-15
Unknown · Visegripped Stracker · CVE-2022-4889
**Name of the Vulnerable Software and Affected Versions**

visegripped Stracker (affected versions not specified)

**Description**

A critical vulnerability was found in visegripped Stracker. The issue affects the `getHistory` function of the file `doc root/public html/stracker/api.php`. The manipulation of the arguments `symbol`, `startDate`, and `endDate` leads to SQL injection.

**Recommendations**

To fix this issue, it is recommended to apply a patch. As a temporary workaround, consider disabling the `getHistory` function until a patch is available. Restrict access to the `doc root/public html/stracker/api.php` file to minimize the risk of exploitation. Avoid using the arguments `symbol`, `startDate`, and `endDate` in the affected API endpoint until the issue is resolved.