PT-2018-18252 · Western Bridge · Western Bridge Cobub Razor

Ppb

Published

2018-03-07

Updated

2021-09-09

CVE-2018-7745

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Western Bridge Cobub Razor version 0.7.2

Description: An issue was discovered where authentication is not required for the "/index.php?/install/installation/createuserinfo" API endpoint, resulting in the ability to create accounts without proper authorization.

Recommendations: For Western Bridge Cobub Razor version 0.7.2, consider restricting access to the "/index.php?/install/installation/createuserinfo" endpoint until a fix is available, and ensure that proper authentication mechanisms are implemented to prevent unauthorized account creation.

Exploit

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2018-7745

Affected Products

Western Bridge Cobub Razor

PT-2018-18252 · Western Bridge · Western Bridge Cobub Razor

CVE-2018-7745

Weakness Enumeration

Related Identifiers

Affected Products

References · 4