PT-2022-20756 · Inout Blockchain · Inout Blockchain Altexchanger

Mohamed N. Ali

Published

2022-05-23

Updated

2022-05-30

CVE-2022-31487

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Inout Blockchain AltExchanger version 1.2.1 Inout Blockchain FiatExchanger version 2.2.1

Description The issue allows SQL injection through the symbol parameter in the "Chart/TradingView/chart content/master.php" endpoint. This could potentially lead to unauthorized access or manipulation of data.

Recommendations For Inout Blockchain AltExchanger version 1.2.1, avoid using the symbol parameter in the "Chart/TradingView/chart content/master.php" endpoint until the issue is resolved. For Inout Blockchain FiatExchanger version 2.2.1, restrict access to the "Chart/TradingView/chart content/master.php" endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2022-31487

Affected Products

Inout Blockchain Altexchanger

PT-2022-20756 · Inout Blockchain · Inout Blockchain Altexchanger

CVE-2022-31487

Weakness Enumeration

Related Identifiers

Affected Products

References · 6