PT-2023-25492 · Unknown · Nesote Inout Blockchain Fiatexchanger

Skalvin · Published 2023-07-11 · Updated 2024-05-17 · CVE-2023-3624

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Nesote Inout Blockchain FiatExchanger version 3.0

Description

A critical vulnerability has been found in the component POST Parameter Handler, affecting an unknown part of the file /index.php/coins/update_marketboxslider. The manipulation of the marketcurrency argument leads to SQL injection, allowing remote attacks. The vendor was contacted about this disclosure but did not respond.

Recommendations

For Nesote Inout Blockchain FiatExchanger version 3.0, as a temporary workaround, consider restricting access to the /index.php/coins/update_marketboxslider endpoint until a patch is available. Avoid using the marketcurrency argument in the affected POST Parameter Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2023-3624

Affected Products

Nesote Inout Blockchain Fiatexchanger