CVE-2018-8770

MEDIUM NUCLEI

Western Bridge Cobub Razor 0.8.0 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-8770. PoCs published by Kyhvedn. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates a physical path leakage vulnerability in Cobub Razor 0.8.0 by accessing specific endpoints that expose sensitive information. The PoC includes URLs and HTTP methods to trigger the vulnerability, primarily targeting misconfigured or exposed test and controller files.

Description

Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via generate.php, controllers/getConfigTest.php, controllers/getUpdateTest.php, controllers/postclientdataTest.php, controllers/posterrorTest.php, controllers/posteventTest.php, controllers/posttagTest.php, controllers/postusinglogTest.php, fixtures/Controller_fixt.php, fixtures/Controller_fixt2.php, fixtures/view_fixt2.php, libs/ipTest.php, or models/commonDbfix.php in tests/.

Exploits (1)

exploitdb WORKING POC

by Kyhvedn · textwebappsphp

https://www.exploit-db.com/exploits/44495

View Code ZIP pw:eip

This exploit demonstrates a physical path leakage vulnerability in Cobub Razor 0.8.0 by accessing specific endpoints that expose sensitive information. The PoC includes URLs and HTTP methods to trigger the vulnerability, primarily targeting misconfigured or exposed test and controller files.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Cobub Razor 0.8.0

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK

T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Cobub Razor 0.8.0 - Information Disclosure

MEDIUMby princechaddha

References (2)

Core 2

Core References

Exploit, Third Party Advisory x_refsource_misc

https://github.com/Kyhvedn/CVE_Description/blob/master/Cobub_Razor_0.8.0_more_physical_path_leakage.md

View Exploit ZIP pw:eip

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/44495/

Scores

CVSS v3 5.3

EPSS 0.6059

EPSS Percentile 99.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-200

Status published

Products (1)

cobub/razor 0.8.0

Published Mar 18, 2018

Tracked Since Feb 18, 2026