Western Bridge · Western Bridge Cobub Razor · CVE-2018-8056
Name of the Vulnerable Software and Affected Versions:
Western Bridge Cobub Razor version 0.8.0
Description:
A physical path leakage issue exists due to an invalid `channel name` parameter. This can be exploited via a request to `/index.php?/manage/channel/addchannel` or a direct request to `/export.php`.
Recommendations:
For version 0.8.0, avoid using the `channel name` parameter in the affected API endpoint until the issue is resolved. Restrict access to the `/export.php` and `/index.php?/manage/channel/addchannel` endpoints to minimize the risk of exploitation.