2021-04-09 22:10:04 +00:00
id : CVE-2018-8770
2022-04-22 10:38:41 +00:00
2021-04-09 22:10:04 +00:00
info :
2023-01-30 21:27:22 +00:00
name : Cobub Razor 0.8.0 - Information Disclosure
2021-04-09 22:10:04 +00:00
author : princechaddha
severity : medium
2023-01-30 21:27:22 +00:00
description : Cobub Razor 0.8.0 is susceptible to information disclosure via generate.php, controllers/getConfigTest.php, controllers/getUpdateTest.php, controllers/postclientdataTest.php, controllers/posterrorTest.php, controllers/posteventTest.php, controllers/posttagTest.php, controllers/postusinglogTest.php, fixtures/Controller_fixt.php, fixtures/Controller_fixt2.php, fixtures/view_fixt2.php, libs/ipTest.php, or models/commonDbfix.php. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations.
2023-09-27 15:51:13 +00:00
impact : |
An attacker can exploit this vulnerability to gain sensitive information.
2023-09-06 12:57:14 +00:00
remediation : |
Upgrade to a patched version of Cobub Razor.
2021-08-18 11:37:49 +00:00
reference :
2021-04-09 22:10:04 +00:00
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8770
- https://www.exploit-db.com/exploits/44495/
2022-05-17 09:18:12 +00:00
- https://github.com/Kyhvedn/CVE_Description/blob/master/Cobub_Razor_0.8.0_more_physical_path_leakage.md
2023-01-30 21:27:22 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2018-8770
2021-09-10 11:26:40 +00:00
classification :
2022-05-17 09:18:12 +00:00
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2022-04-22 10:38:41 +00:00
cvss-score : 5.3
2021-09-10 11:26:40 +00:00
cve-id : CVE-2018-8770
cwe-id : CWE-200
2023-08-31 11:46:18 +00:00
epss-score : 0.00197
2024-01-14 13:49:27 +00:00
epss-percentile : 0.57527
2023-09-06 12:57:14 +00:00
cpe : cpe:2.3:a:cobub:razor:0.8.0:*:*:*:*:*:*:*
2023-04-28 08:11:21 +00:00
metadata :
max-request : 1
2023-07-11 19:49:27 +00:00
vendor : cobub
product : razor
tags : cve,cve2018,cobub,razor,exposure,edb
2021-04-09 22:10:04 +00:00
2023-04-27 04:28:59 +00:00
http :
2021-04-09 22:10:04 +00:00
- method : GET
path :
- "{{BaseURL}}/tests/generate.php"
matchers-condition : and
matchers :
- type : word
2023-07-11 19:49:27 +00:00
part : header
2021-04-09 22:10:04 +00:00
words :
- "Fatal error: Class 'PHPUnit_Framework_TestCase' not found in "
- "/application/third_party/CIUnit/libraries/CIUnitTestCase.php on line"
condition : and
2023-07-11 19:49:27 +00:00
2021-04-09 22:10:04 +00:00
- type : status
status :
- 200
2024-01-14 14:05:19 +00:00
# digest: 4b0a00483046022100b1fbf7202b9899b321c7a7bc76329ebf3af2b40b8304fc849dbbc96d0168b214022100e307e5250c290b63e6d58f58c5405fff91ca4388b234624b06da417e6c43811a:922c64590222798bb761d5b6d8e72950