CVE-2018-8770: CVE-2018-8770

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2018-8770

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via generate.php, controllers/getConfigTest.php, controllers/getUpdateTest.php, controllers/postclientdataTest.php, controllers/posterrorTest.php, controllers/posteventTest.php, controllers/posttagTest.php, controllers/postusinglogTest.php, fixtures/Controller_fixt.php, fixtures/Controller_fixt2.php, fixtures/view_fixt2.php, libs/ipTest.php, or models/commonDbfix.php in tests/.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Western Bridge Cobub Razor 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Western Bridge Cobub Razor是一套开源的移动应用程序分析系统。该系统能够为用户提供详细的多维度报告并监控其移动应用和应用程序用户行为的统计数据。 Western Bridge Cobub Razor 0.8.0版本中存在安全漏洞。攻击者可借助tests/中的多个文件利用该漏洞获取物理路径。（多个文件包括：generate.php，controllers/getConfigTest.php，controllers/getUpdateTest.php，controllers/postc

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2018-8770

#	POC Description	Source Link	Shenlong Link
1	Cobub Razor 0.8.0 is susceptible to information disclosure via generate.php, controllers/getConfigTest.php, controllers/getUpdateTest.php, controllers/postclientdataTest.php, controllers/posterrorTest.php, controllers/posteventTest.php, controllers/posttagTest.php, controllers/postusinglogTest.php, fixtures/Controller_fixt.php, fixtures/Controller_fixt2.php, fixtures/view_fixt2.php, libs/ipTest.php, or models/commonDbfix.php. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-8770.yaml	POC Details
2	None	https://github.com/chaitin/xray-plugins/blob/main/poc/manual/razor-cve-2018-8770.yml	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2018-8770

Please Login to view more intelligence information

https://github.com/Kyhvedn/CVE_Description/blob/master/Cobub_Razor_0.8.0_more_physical_path_leakage.mdx_refsource_MISC
https://www.exploit-db.com/exploits/44495/exploitx_refsource_EXPLOIT-DB
https://nvd.nist.gov/vuln/detail/CVE-2018-8770

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2018-8770

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2018-8770

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2018-8770

III. Intelligence Information for CVE-2018-8770

IV. Related Vulnerabilities

V. Comments for CVE-2018-8770

Leave a comment