CVE-2024-57178

Name of the Vulnerable Software and Affected Versions Stock-Forecaster versions <=01-04-2020

Description A vulnerability exists that allows for SQL injection. By sending a specially crafted stock-symbol parameter to the "portofolio()" endpoint, it is possible to trigger an SQL injection in the application. As a result, the attacker will be able to access user data or manipulate the software behavior.

Recommendations For Stock-Forecaster versions <=01-04-2020, as a temporary workaround, consider disabling the "portofolio()" endpoint until a patch is available. Restrict access to the stock-symbol parameter in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.