
CVE-2023-36652: SQL injection in ProLion CryptoSpike 3.0.15P2

Medium
Tags: Vulnerability, CVE-2023-36652, cve, cve-2023-36652
Published: Tue Dec 12 2023 (12/12/2023, 00:00:00 UTC)
Source: CVE Database V5
Vendor/Project: n/a
Product: n/a

Description

A SQL Injection in the users searching REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to read database data via SQL commands injected in the search parameter.

AI-Powered Analysis

AI analysis last updated: 07/06/2025, 04:25:57 UTC

Technical Analysis

CVE-2023-36652 is a SQL injection (CWE-89) in the users-search REST API endpoint of ProLion CryptoSpike 3.0.15P2. The value of the search parameter is incorporated into a SQL statement without parameterization or adequate validation, so a remote attacker holding valid credentials for the application can append SQL of their own to the query and read data from the backend database; beyond that authenticated request, no user interaction is required. The CVE description reports data disclosure, so the confirmed impact is to confidentiality: any table readable by the application's database account, not only the user records the endpoint is meant to return, can be extracted with UNION-based or blind techniques. Whether the flaw also permits modification depends on details the description does not state, namely whether the database driver executes stacked statements and what privileges the application's account holds, so integrity and availability should be treated as unaffected only after that has been checked. The CVSS 3.1 base score cited here is 4.3 (Medium); the rating reflects the need for valid credentials and the confidentiality-only impact. No public exploit is known to be in circulation, and no vendor patch or advisory is referenced on this page.
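The pattern described above, as an added example that is not ProLion's code: a users-search handler that splices the search value into a LIKE clause, beside its parameterized form, exercised with a constructed UNION payload that reads a table the endpoint was never meant to expose. The schema, table names, payload and use of the standard-library sqlite3 driver are assumptions for illustration; the last function shows why "read-only" impact is something to verify against the actual driver rather than assume.

```python
"""Vulnerable versus parameterized users-search query.

Added example, not ProLion's code: the schema (users, api_tokens), the
LIKE-based query and the payload are constructed to illustrate CWE-89 in
a search parameter. Uses the standard-library sqlite3 driver.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory database: the users table the endpoint is
    meant to query, plus a second table it should never expose."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT);
        CREATE TABLE api_tokens (id INTEGER PRIMARY KEY, token TEXT);
        INSERT INTO users (username, email) VALUES
            ('alice', 'alice@example.org'), ('bob', 'bob@example.org');
        INSERT INTO api_tokens (token) VALUES
            ('tok-constructed-1'), ('tok-constructed-2');
        """
    )
    return conn


def search_users_vulnerable(conn: sqlite3.Connection, search: str) -> list:
    """CWE-89: the search value becomes part of the SQL text, so quotes,
    UNION and comment markers inside it are parsed as SQL."""
    sql = f"SELECT username, email FROM users WHERE username LIKE '%{search}%'"
    return conn.execute(sql).fetchall()


def _like_escape(value: str) -> str:
    """Escape LIKE metacharacters so a user-supplied value matches literally."""
    return (value.replace("\\", "\\\\")
                 .replace("%", "\\%")
                 .replace("_", "\\_"))


def search_users_fixed(conn: sqlite3.Connection, search: str) -> list:
    """Hardened form: the value is bound as a parameter and never becomes
    statement text; LIKE wildcards are escaped so they cannot widen the match."""
    sql = "SELECT username, email FROM users WHERE username LIKE ? ESCAPE '\\'"
    return conn.execute(sql, (f"%{_like_escape(search)}%",)).fetchall()


# Constructed read-only payload: closes the quoted LIKE pattern, appends a
# UNION that pulls rows from the unrelated table, and comments out the
# trailing %' so the statement stays syntactically valid.
UNION_PAYLOAD = "' UNION SELECT token, '' FROM api_tokens --"


def stacked_query_rejected(conn: sqlite3.Connection) -> bool:
    """True if this driver refuses a second, injected statement. sqlite3's
    execute() does; drivers that run multi-statements would execute the
    UPDATE, which is why read-only impact must be verified per deployment."""
    sql = ("SELECT username FROM users WHERE username LIKE '%x%'; "
           "UPDATE users SET email = 'x' --%'")
    try:
        conn.execute(sql)
    except (sqlite3.Error, sqlite3.Warning):
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", search_users_vulnerable(db, UNION_PAYLOAD))
    print("fixed:     ", search_users_fixed(db, UNION_PAYLOAD))
    print("stacked statement rejected:", stacked_query_rejected(db))
```

Run as a script, the vulnerable function returns the two user rows followed by both API tokens, while the fixed function returns nothing for the same payload and still finds "alice" for a search of "ali". The ESCAPE clause matters in the fix: binding alone stops injection, but without escaping a search of "%" would still enumerate every row.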

Potential Impact

For European organizations running ProLion CryptoSpike 3.0.15P2, the risk is disclosure of whatever the application's database holds, which for a users-search endpoint is at least account data and may extend to any other table readable by the same database account. Because exploitation requires authentication, the likely actors are insiders and attackers who have obtained legitimate credentials through phishing, reuse or a leak. Exposure of employees' or administrators' personal data is a personal-data breach under GDPR, which can trigger the notification duties of Articles 33 and 34 and the associated regulatory penalties, reputational damage and loss of customer trust. The description reports read access only, so data modification and service disruption are not the expected outcome, but unauthorized disclosure alone is significant, particularly for organizations handling regulated data. The absence of a known public exploit lowers immediate risk; it does not lower the effort required, which for SQL injection in an authenticated REST endpoint is small once credentials are held.

Mitigation Recommendations

European organizations should implement the following specific mitigations:
1) Confirm the installed version and apply the vendor's fixed build as soon as one is available. The defect is in the endpoint's input handling and can only be corrected by ProLion (parameterized queries instead of string concatenation); customers cannot patch the code themselves and should request a fix.
2) Restrict network access to the CryptoSpike management interface and REST API to trusted administrative networks (VPN or jump host), enforce strong authentication, and review which accounts can reach the users-search endpoint, since any valid login is sufficient to exploit the flaw. Monitor for suspicious logins and rotate the credentials of any account whose requests look like probing.
3) As a compensating control until a fix is available, front the API with a web application firewall or reverse proxy that inspects the search parameter for SQL syntax (a quote followed by OR, AND, UNION or SELECT; comment sequences such as -- and /*; UNION ... SELECT). Tune the rules against legitimate traffic, because names containing an apostrophe will otherwise be blocked.
4) Run the application's database account under least privilege: grant SELECT on the tables the application needs and nothing else, with no write, DDL or file and operating-system access. This does not stop an injected query from reading the tables the application legitimately uses, but it confines the disclosure to those tables and rules out escalation from read to write.
5) Monitor application, proxy and database logs for the signs of exploitation: search values containing SQL syntax, responses from the users-search endpoint that are far larger than usual, one account issuing many requests with systematically varied parameters (blind extraction), and database errors originating from that endpoint.
6) Educate users on credential security, since compromised credentials are the precondition for exploitation.
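Detection logic for items 3 and 5 above, as an added example that is not part of this page or of the vendor's product. The endpoint path /api/v1/users/search, the combined-style access-log format, the user names and every log line are constructed for the example. It combines two signals: SQL syntax in the decoded search parameter, and responses far larger than the endpoint's usual size, which is what a UNION-based dump looks like from outside the application.

```python
"""Log-based detection for a users-search endpoint.

Added example, not the vendor's code: the endpoint path, log format, users
and log lines are constructed. Two signals: SQL syntax in the decoded search
value, and response sizes far above the endpoint's median.
"""
import re
from statistics import median
from urllib.parse import parse_qs, urlsplit

TARGET_PATH = "/api/v1/users/search"

# Constructed sample lines: three legitimate searches (one with an apostrophe,
# one with a LIKE wildcard), two injection attempts from one account, and one
# request to a different endpoint that must be ignored.
SAMPLE_LOG = """\
10.0.0.5 - alice [12/Dec/2023:10:00:01 +0000] "GET /api/v1/users/search?search=bob HTTP/1.1" 200 312
10.0.0.5 - alice [12/Dec/2023:10:00:09 +0000] "GET /api/v1/users/search?search=o%27brien HTTP/1.1" 200 120
10.0.0.9 - mallory [12/Dec/2023:10:01:14 +0000] "GET /api/v1/users/search?search=%27+UNION+SELECT+token%2C%27%27+FROM+api_tokens--+ HTTP/1.1" 200 4120
10.0.0.9 - mallory [12/Dec/2023:10:01:20 +0000] "GET /api/v1/users/search?search=%27+OR+1%3D1-- HTTP/1.1" 200 9810
10.0.0.7 - carol [12/Dec/2023:10:02:00 +0000] "GET /api/v1/users/search?search=carol%25 HTTP/1.1" 200 140
10.0.0.7 - carol [12/Dec/2023:10:02:30 +0000] "GET /api/v1/health HTTP/1.1" 200 20
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d+) (?P<bytes>\d+)'
)

# Rules run against the URL-decoded parameter value. A lone apostrophe does
# not fire (O'Brien is a legitimate search); a quote must be followed by SQL
# syntax, or the value must carry a comment marker or UNION ... SELECT.
RULES = [
    ("sql-comment", re.compile(r"--|/\*")),
    ("union-select", re.compile(r"\bunion\b.*\bselect\b", re.I)),
    ("tautology", re.compile(r"""['"]\s*or\s+\S+\s*=\s*\S+""", re.I)),
    ("quote-keyword", re.compile(r"""['"]\s*(?:or|and|union|select)\b""", re.I)),
]


def parse_line(line: str):
    """Return (user, ip, bytes, [search values]) for a request to the target
    endpoint, or None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if url.path != TARGET_PATH:
        return None
    values = parse_qs(url.query, keep_blank_values=True).get("search", [])
    return m.group("user"), m.group("ip"), int(m.group("bytes")), values


def classify(value: str) -> list:
    """Names of the rules the decoded search value triggers."""
    return [name for name, rx in RULES if rx.search(value)]


def scan(log_text: str) -> list:
    """Requests whose search parameter looks like SQL injection."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        user, ip, nbytes, values = rec
        for value in values:
            rules = classify(value)
            if rules:
                hits.append({"user": user, "ip": ip, "bytes": nbytes,
                             "search": value, "rules": rules})
    return hits


def oversized(log_text: str, factor: int = 10) -> list:
    """(user, bytes) for endpoint responses more than `factor` times the
    median size: a pattern-free signal that catches payloads the rules miss."""
    recs = [r for r in (parse_line(ln) for ln in log_text.splitlines()) if r]
    if not recs:
        return []
    threshold = factor * median(r[2] for r in recs)
    return [(user, nbytes) for user, _ip, nbytes, _v in recs if nbytes > threshold]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit['user']}@{hit['ip']} {hit['rules']} {hit['search']!r}")
    print("oversized responses:", oversized(SAMPLE_LOG))
```

On the sample, both of mallory's requests are flagged by the pattern rules and again by the size check, while alice's "o'brien" and carol's "carol%" pass. In production the size baseline should be computed per endpoint over a longer window, and either signal on its own is a lead to investigate, not a verdict.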


Technical Details

Data Version
5.1
Assigner Short Name
mitre
Date Reserved
2023-06-25T00:00:00.000Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 6835d30c182aa0cae216c476

Added to database: 5/27/2025, 2:58:20 PM

Last enriched: 7/6/2025, 4:25:57 AM

Last updated: 8/8/2025, 3:13:29 AM

Views: 13
