Cobub Razor vulnerabilities
9 known vulnerabilities affecting cobub/razor.
Total CVEs
9
CISA KEV
0
Public exploits
4
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH4MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2018-8770P3MEDIUMCVSS 5.3PoCv0.8.02018-03-18
CVE-2018-8770 [MEDIUM] CWE-200 CVE-2018-8770: Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via generate.php, controllers/getCo
Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via generate.php, controllers/getConfigTest.php, controllers/getUpdateTest.php, controllers/postclientdataTest.php, controllers/posterrorTest.php, controllers/posteventTest.php, controllers/posttagTest.php, controllers/postusinglogTest.php, fixtures/Controller_fixt.php, fixtures/Controll
nvd
CVE-2018-7745P3HIGHCVSS 7.5PoCv0.7.22018-03-07
CVE-2018-7745 [HIGH] CWE-287 CVE-2018-7745: An issue was discovered in Western Bridge Cobub Razor 0.7.2. Authentication is not required for /ind
An issue was discovered in Western Bridge Cobub Razor 0.7.2. Authentication is not required for /index.php?/install/installation/createuserinfo requests, resulting in account creation.
nvd
CVE-2018-8056P3HIGHCVSS 7.5PoCv0.8.02018-03-11
CVE-2018-8056 [HIGH] CWE-200 CVE-2018-8056: Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via an invalid channel_name paramet
Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via an invalid channel_name parameter to /index.php?/manage/channel/addchannel or a direct request to /export.php.
nvd
CVE-2018-7746P3HIGHCVSS 8.8PoCv0.7.22018-03-07
CVE-2018-7746 [HIGH] CWE-79 CVE-2018-7746: An issue was discovered in Western Bridge Cobub Razor 0.7.2. Authentication is not required for /ind
An issue was discovered in Western Bridge Cobub Razor 0.7.2. Authentication is not required for /index.php?/manage/channel/modifychannel. For example, with a crafted channel name, stored XSS is triggered during a later /index.php?/manage/channel request by an admin.
nvd
CVE-2024-28421P3CRITICALCVSS 9.8v0.8.02024-03-25
CVE-2024-28421 [CRITICAL] CWE-89 CVE-2024-28421: SQL Injection vulnerability in Razor 0.8.0 allows a remote attacker to escalate privileges via the C
SQL Injection vulnerability in Razor 0.8.0 allows a remote attacker to escalate privileges via the ChannelModel::updateapk method of the channelmodle.php
nvd
CVE-2019-10276P3CRITICALCVSS 9.8v0.8.02019-03-29
CVE-2019-10276 [CRITICAL] CWE-434 CVE-2019-10276: Western Bridge Cobub Razor 0.8.0 has a file upload vulnerability via the web/assets/swf/uploadify.ph
Western Bridge Cobub Razor 0.8.0 has a file upload vulnerability via the web/assets/swf/uploadify.php URI, as demonstrated by a .php file with the image/jpeg content type.
nvd
CVE-2018-7720P3HIGHCVSS 8.8v0.7.22018-03-07
CVE-2018-7720 [HIGH] CWE-352 CVE-2018-7720: A cross-site request forgery (CSRF) vulnerability exists in Western Bridge Cobub Razor 0.7.2 via /in
A cross-site request forgery (CSRF) vulnerability exists in Western Bridge Cobub Razor 0.7.2 via /index.php?/user/createNewUser/, resulting in account creation.
nvd
CVE-2022-36747P4MEDIUMCVSS 6.1v0.8.02022-08-30
CVE-2022-36747 [MEDIUM] CWE-79 CVE-2022-36747: Razor v0.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the function u
Razor v0.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the function uploadchannel().
nvd
CVE-2005-2024P4MEDIUMCVSS 5.0≥ 0, < 2.720-12005-06-17
CVE-2005-2024 [MEDIUM] CVE-2005-2024: Vipul Razor Agents (razor-agents) before 2
Vipul Razor Agents (razor-agents) before 2.70 allows remote attackers to cause a denial of service via (1) certain "unusual HTML messages" or (2) "certain malformed headers" such as Content-Type.
osv