CNVD-2018-06472 Scanner
CNVD-2018-06472 Scanner - SQL Injection vulnerability in Cobub Razor
Short Info
Level
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 26 days 4 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -
Cobub Razor is an open-source mobile application analytics system widely used for tracking user behavior and statistics on mobile applications. The primary purpose of this tool is to provide detailed multi-dimensional reports to users. Developed by Western Bridge, it is used by developers and analysts to gain insights into application performance.
The SQL injection vulnerability in Cobub Razor allows remote attackers to manipulate database queries by exploiting the 'channel_name' parameter. Such vulnerabilities can be detrimental to applications as they may lead to unintended database operations. Given the severity, it's crucial for users to address this vulnerability promptly.
The vulnerability specifically affects the endpoint '/index.php?/manage/channel/addchannel', where the 'channel_name' parameter is vulnerable to injection attacks. Malicious inputs can be embedded in SQL commands, allowing unauthorized access or modification of database content. The system fails to sanitize inputs properly, rendering it susceptible to this flaw.
When exploited, an attacker could potentially access sensitive information, compromise data integrity, or completely disrupt application services. Unauthorized users could extract data or perform actions without permissions, potentially leading to severe data breaches.