Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.1
Tradebox 5.4: Attackers can steal sensitive database information
CVE-2019-25505
Summary
An attacker with a Tradebox 5.4 account can send special kinds of requests to extract sensitive data from the database. This is a serious security risk because it allows unauthorized access to confidential information. Update to the latest version of Tradebox to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| bdtask | tradebox | 5.4 | – |
Original title
Tradebox 5.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the symbol parameter. Attackers can send POST r...
Original description
Tradebox 5.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the symbol parameter. Attackers can send POST requests to the monthly_deposit endpoint with malicious symbol values using boolean-based blind, time-based blind, error-based, or union-based SQL injection techniques to extract sensitive database information.
nvd CVSS3.1
7.1
nvd CVSS4.0
7.1
Vulnerability type
CWE-89
SQL Injection
Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026