15 matches found
CVE-2019-10276
Western Bridge Cobub Razor 0.8.0 has a file upload vulnerability via the web/assets/swf/uploadify.php URI, as demonstrated by a .php file with the image/jpeg content type...
CVE-2024-28421
SQL Injection vulnerability in Razor 0.8.0 allows a remote attacker to escalate privileges via the ChannelModel::updateapk method of the channelmodle.php...
CVE-2024-28421
SQL Injection vulnerability in Razor 0.8.0 allows a remote attacker to escalate privileges via the ChannelModel::updateapk method of the channelmodle.php...
CVE-2024-28421
SQL Injection vulnerability in Razor 0.8.0 allows a remote attacker to escalate privileges via the ChannelModel::updateapk method of the channelmodle.php...
CVE-2024-28421
CVE-2024-28421 affects Razor 0.8.0. The vulnerability is a SQL Injection in ChannelModel::updateapk within channelmodle.php, which could let a remote attacker escalate privileges. In confirmed third-party sources, mitigation guidance for Razor v0.8.0 includes disabling the ChannelModel::updateapk...
Privilege escalation
Western Bridge Cobub Razor 0.8.0 has a file upload vulnerability via the web/assets/swf/uploadify.php URI, as demonstrated by a .php file with the image/jpeg content type...
CVE-2019-10276
Western Bridge Cobub Razor 0.8.0 has a file upload vulnerability via the web/assets/swf/uploadify.php URI, as demonstrated by a .php file with the image/jpeg content type...
Cobub Razor 0.8.0 - SQL injection
Cobub Razor 0.8.0 - SQL injection Exploit Title: Cobub Razor 0.8.0 SQL injection Vulnerability Date: 2018-04-16 Exploit Author: Kyhvedn([email protected]、[email protected]) Vendor Homepage: http://www.cobub.com/ Software Link: https://github.com/cobub/razor Version: 0.8.0 CVE : CVE-2018-80...
Cobub Razor 0.8.0 - SQL injection
Exploit Title: Cobub Razor 0.8.0 SQL injection Vulnerability Date: 2018-04-16 Exploit Author: Kyhvedn([email protected]、[email protected]) Vendor Homepage: http://www.cobub.com/ Software Link: https://github.com/cobub/razor Version: 0.8.0 CVE : CVE-2018-8057 The string of the 'channelname'...
Design/Logic Flaw
Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via generate.php, controllers/getConfigTest.php, controllers/getUpdateTest.php, controllers/postclientdataTest.php, controllers/posterrorTest.php, controllers/posteventTest.php, controllers/posttagTest.php,...
CVE-2018-8770
Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via generate.php, controllers/getConfigTest.php, controllers/getUpdateTest.php, controllers/postclientdataTest.php, controllers/posterrorTest.php, controllers/posteventTest.php, controllers/posttagTest.php,...
CVE-2018-8770
Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via generate.php, controllers/getConfigTest.php, controllers/getUpdateTest.php, controllers/postclientdataTest.php, controllers/posterrorTest.php, controllers/posteventTest.php, controllers/posttagTest.php,...
CVE-2018-8770
Cobub Razor 0.8.0 is affected by CVE-2018-8770, a physical path leakage information disclosure. The issue arises via multiple test-related PHP files and fixtures (e.g., generate.php, controllers/getConfigTest.php, controllers/getUpdateTest.php, controllers/postclientdataTest.php, controllers/post...
Design/Logic Flaw
Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via an invalid channelname parameter to /index.php?/manage/channel/addchannel or a direct request to /export.php...
CVE-2018-8056
CVE-2018-8056 affects Cobub Razor 0.8.0. The vulnerability is a physical path leakage caused by an invalid channel_name parameter to /index.php?/manage/channel/addchannel or a direct request to /export.php, exposing internal file paths that could aid information disclosure. Connected references i...