Cobub Razor 0.8.0 - Information Disclosure
ID: CVE-2018-8770
Severity: medium
Author: princechaddha
Tags: cve,cve2018,cobub,razor,exposure,edb
Description
Cobub Razor 0.8.0 is susceptible to information disclosure via generate.php, controllers/getConfigTest.php, controllers/getUpdateTest.php, controllers/postclientdataTest.php, controllers/posterrorTest.php, controllers/posteventTest.php, controllers/posttagTest.php, controllers/postusinglogTest.php, fixtures/Controller_fixt.php, fixtures/Controller_fixt2.php, fixtures/view_fixt2.php, libs/ipTest.php, or models/commonDbfix.php. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations.
YAML Source
id: CVE-2018-8770

info:
  name: Cobub Razor 0.8.0 - Information Disclosure
  author: princechaddha
  severity: medium
  description: Cobub Razor 0.8.0 is susceptible to information disclosure via generate.php, controllers/getConfigTest.php, controllers/getUpdateTest.php, controllers/postclientdataTest.php, controllers/posterrorTest.php, controllers/posteventTest.php, controllers/posttagTest.php, controllers/postusinglogTest.php, fixtures/Controller_fixt.php, fixtures/Controller_fixt2.php, fixtures/view_fixt2.php, libs/ipTest.php, or models/commonDbfix.php. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations.
  impact: |
    An attacker can exploit this vulnerability to gain sensitive information.
  remediation: |
    Upgrade to a patched version of Cobub Razor.
  reference:
    - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8770
    - https://www.exploit-db.com/exploits/44495/
    - https://github.com/Kyhvedn/CVE_Description/blob/master/Cobub_Razor_0.8.0_more_physical_path_leakage.md
    - https://nvd.nist.gov/vuln/detail/CVE-2018-8770
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2018-8770
    cwe-id: CWE-200
    epss-score: 0.00196
    epss-percentile: 0.57017
    cpe: cpe:2.3:a:cobub:razor:0.8.0:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: cobub
    product: razor
  tags: cve,cve2018,cobub,razor,exposure,edb

http:
  - method: GET
    path:
      - "{{BaseURL}}/tests/generate.php"

    matchers-condition: and
    matchers:
      - type: word
        part: header
        words:
          - "Fatal error: Class 'PHPUnit_Framework_TestCase' not found in "
          - "/application/third_party/CIUnit/libraries/CIUnitTestCase.php on line"
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a004730450221008a03a8f58eba9f4b16c821308bb52fed9683711d34afd4c841256fdd9fa020ac0220316fad06d65df1676740b8959a0d59a49d68b9d31eba83d4ce80e585d7bf5b16:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2018/CVE-2018-8770.yaml"
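To complement the scan from the server side, the following added example (not part of the template or of Cobub Razor) reviews web access logs for requests to the test files named in the description. It assumes combined-format access logs and that every listed file sits under a `/tests/` directory, as `generate.php` does in the template request; the function and variable names are hypothetical.

```python
import re
from urllib.parse import unquote, urlsplit

# Files named in the CVE-2018-8770 description, relative to the tests directory.
TEST_FILES = {
    "generate.php", "controllers/getConfigTest.php", "controllers/getUpdateTest.php",
    "controllers/postclientdataTest.php", "controllers/posterrorTest.php",
    "controllers/posteventTest.php", "controllers/posttagTest.php",
    "controllers/postusinglogTest.php", "fixtures/Controller_fixt.php",
    "fixtures/Controller_fixt2.php", "fixtures/view_fixt2.php",
    "libs/ipTest.php", "models/commonDbfix.php",
}
# Assumption: every listed file sits under /tests/, as generate.php does in the template.
TESTS_DIR = "/tests/"

# Combined log format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_test_file_hits(lines):
    """Return one dict per request that targeted a listed Cobub Razor test file."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        path = unquote(urlsplit(m["target"]).path)  # drop query string, decode %xx
        _, marker, rel = path.rpartition(TESTS_DIR)
        if marker and rel in TEST_FILES:
            status = int(m["status"])
            # 200 means the script ran and may have returned its error text;
            # other codes show probing of a path that was not served.
            hits.append({"ip": m["ip"], "time": m["time"], "file": rel,
                         "path": path, "status": status, "served": status == 200})
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Apr/2018:10:01:02 +0000] "GET /tests/generate.php HTTP/1.1" 200 512 "-" "curl/7.58.0"',
    '203.0.113.7 - - [12/Apr/2018:10:01:03 +0000] "GET /razor/tests/controllers/getConfigTest.php?x=1 HTTP/1.1" 404 210 "-" "curl/7.58.0"',
    '198.51.100.20 - - [12/Apr/2018:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [12/Apr/2018:10:02:05 +0000] "GET /tests/readme.txt HTTP/1.1" 200 120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_test_file_hits(SAMPLE_LOG):
        print(hit)
```

Hits with `served` set are the ones to review for a filesystem path returned in the response.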