Western Bridge · Western Bridge Cobub Razor · CVE-2018-8057
Name of the Vulnerable Software and Affected Versions:
Western Bridge Cobub Razor version 0.8.0
Description:
A SQL Injection issue exists, related to the `channel name` or `platform` parameter in a "/index.php?/manage/channel/addchannel" request. This is connected to the "/application/controllers/manage/channel.php" file.
Recommendations:
For version 0.8.0, avoid using the `channel name` or `platform` parameter in the affected API endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the "/index.php?/manage/channel/addchannel" endpoint to minimize the risk of exploitation.