CHT Security Red Team Discovered Several Vulnerabilities in Well-Known Domestic Stock Selection System
The Vulnerability Report of Stock Selection System
Summary
Vulnerability List
1. [CVE-2020-3937] SQL Injection
2. [CVE-2020-3938] Server-Side Request Forgery
3. [CVE-2020-3939] Cross-Site Scripting (Reflected XSS)
Details
1. SQL Injection
Description
Several parameters are affected by SQL injection.
Impact
This vulnerability allows attackers to perform unwanted SQL queries and access arbitrary files in the database.
Known Affected Software
• versions before 20191223
2. Server-Side Request Forgery
Description
Several parameters are affected by Server-Side Request Forgery.
Impact
This vulnerability allows attackers to query the network architecture or system files of the server via forged requests.
Known Affected Software
• versions before 20191223
3. Cross-Site Scripting (Reflected XSS)
Description
Several parameters are affected by reflected XSS.
Impact
If an attacker can control a script that is executed in the victim's browser, personal information may be leaked to attackers via the vulnerability.
Known Affected Software
• versions before 20191223
Credits
• Jalong Chen (CHT Security)