Interchange contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that an unknown variable in an unspecified script is not verified properly and will allow an attacker to inject or manipulate SQL queries. No further details have been released.
Upgrade to version 4.8.9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.