CVE-2022-37786

Name of the Vulnerable Software and Affected Versions WeCube Platform version 3.2.2

Description An issue was discovered in WeCube Platform, where multiple CSV injection issues exist. The affected pages include the Home / Admin / Resources page, the Home / Admin / System Params page, and the Home / Design / Basekey Configuration page.

Recommendations For WeCube Platform version 3.2.2, consider restricting access to the affected pages, including the Home / Admin / Resources page, the Home / Admin / System Params page, and the Home / Design / Basekey Configuration page, until a patch is available. As a temporary workaround, avoid using CSV imports on these pages to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.