CVE-2018-8057

Cobub Razor 0.8.0 is affected by a SQL injection vulnerability in the /index.php?/manage/channel/addchannel endpoint. The issue stems from unsanitized input via the channel_name and platform parameters in /application/controllers/manage/channel.php (lines 75–95), enabling error-based and time-bas...

CVE-2018-8056

Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via an invalid channelname parameter to /index.php?/manage/channel/addchannel or a direct request to /export.php...

CVE-2018-8057

A SQL Injection vulnerability exists in Western Bridge Cobub Razor 0.8.0 via the channelname or platform parameter in a /index.php?/manage/channel/addchannel request, related to /application/controllers/manage/channel.php...

CVE-2018-8056

CVE-2018-8056 affects Cobub Razor 0.8.0. The vulnerability is a physical path leakage caused by an invalid channel_name parameter to /index.php?/manage/channel/addchannel or a direct request to /export.php, exposing internal file paths that could aid information disclosure. Connected references i...

Cobub Razor Account Creation Vulnerability

Cobub Razor is an open source mobile app statistical analysis system that you can build on your own server to collect and present relevant user behavior data from your mobile apps including iOS, Android and Windows Phone. An account creation vulnerability exists in Western Bridge Cobub Razor 0.7....

Cobub Razor Cross-Site Scripting Vulnerability

Western Bridge Cobub Razor is an open source mobile application analytics system. The system can provide users with detailed multi-dimensional reports and monitor their mobile applications and applications user behavior statistics. A security vulnerability exists in Western Bridge Cobub Razor...

Design/Logic Flaw

An issue was discovered in Western Bridge Cobub Razor 0.7.2. Authentication is not required for /index.php?/install/installation/createuserinfo requests, resulting in account creation...

CVE-2018-7745

An issue was discovered in Western Bridge Cobub Razor 0.7.2. Authentication is not required for /index.php?/install/installation/createuserinfo requests, resulting in account creation...

CVE-2018-7746

An issue was discovered in Western Bridge Cobub Razor 0.7.2. Authentication is not required for /index.php?/manage/channel/modifychannel. For example, with a crafted channel name, stored XSS is triggered during a later /index.php?/manage/channel request by an admin...

CVE-2018-7746

An issue was discovered in Western Bridge Cobub Razor 0.7.2. Authentication is not required for /index.php?/manage/channel/modifychannel. For example, with a crafted channel name, stored XSS is triggered during a later /index.php?/manage/channel request by an admin...

CVE-2018-7745

An issue was discovered in Western Bridge Cobub Razor 0.7.2. Authentication is not required for /index.php?/install/installation/createuserinfo requests, resulting in account creation...

CVE-2018-7745

An issue was discovered in Western Bridge Cobub Razor 0.7.2. Authentication is not required for /index.php?/install/installation/createuserinfo requests, resulting in account creation...

CVE-2018-7746

Cobub Razor 0.7.2 suffers an authentication bypass on /index.php?/manage/channel/modifychannel, enabling stored XSS triggered when an admin performs a subsequent /index.php?/manage/channel request. Evidence in multiple sources shows a craftable channel_name payload (e.g., xss), illustrating the v...

CVE-2018-7745

CVE-2018-7745 affects Western Bridge Cobub Razor 0.7.2. The vulnerability is a missing authentication for the URL /index.php?/install/installation/createuserinfo, allowing account creation without login. Attackers could create a new user (superuser) through a crafted POST request, as shown by pub...

CVE-2018-7746

An issue was discovered in Western Bridge Cobub Razor 0.7.2. Authentication is not required for /index.php?/manage/channel/modifychannel. For example, with a crafted channel name, stored XSS is triggered during a later /index.php?/manage/channel request by an admin...

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability exists in Western Bridge Cobub Razor 0.7.2 via /index.php?/user/createNewUser/, resulting in account creation...

CVE-2018-7720

A cross-site request forgery CSRF vulnerability exists in Western Bridge Cobub Razor 0.7.2 via /index.php?/user/createNewUser/, resulting in account creation...

CVE-2018-7720

A cross-site request forgery CSRF vulnerability exists in Western Bridge Cobub Razor 0.7.2 via /index.php?/user/createNewUser/, resulting in account creation...

CVE-2018-7720

A cross-site request forgery CSRF vulnerability exists in Western Bridge Cobub Razor 0.7.2 via /index.php?/user/createNewUser/, resulting in account creation...

CVE-2018-7720

The CVE-2018-7720 entry details a CSRF vulnerability in Western Bridge Cobub Razor 0.7.2, exploitable via /index.php?/user/createNewUser/ to create new accounts without proper authorization. The underlying issue is cross-site request forgery that permits account creation, with impact described as...