CVE-2019-25505

Name of the Vulnerable Software and Affected Versions Tradebox version 5.4

Description An SQL injection issue exists in Tradebox version 5.4 that allows authenticated attackers to manipulate database queries. This is achieved by injecting SQL code through the symbol parameter. Attackers can send POST requests to the ''monthly deposit'' endpoint with malicious symbol values. Exploitation involves boolean-based blind, time-based blind, error-based, or union-based SQL injection techniques to extract sensitive database information.

Recommendations Apply a fix for Tradebox version 5.4 to address the SQL injection issue in the ''monthly deposit'' endpoint.