PT-2019-11678 · Western Bridge · Western Bridge Cobub Razor

Kyrie403 · Published 2019-03-29 · Updated 2019-04-01 · CVE-2019-10276

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Western Bridge Cobub Razor version 0.8.0

Description

Western Bridge Cobub Razor contains a file upload vulnerability that can be exploited via the "web/assets/swf/uploadify.php" URI. An example of exploitation involves uploading a .php file with the content type set to image/jpeg.

Recommendations

For version 0.8.0, consider restricting access to the "web/assets/swf/uploadify.php" URI to prevent unauthorized file uploads until a fix is available. As a temporary workaround, monitor file uploads closely to detect and prevent potential malicious activity.
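
One way to implement the upload monitoring recommended above, as an added example that is not code from Cobub Razor or from this advisory: it parses a multipart/form-data request body and flags file parts with a server-executable extension, or a declared image/jpeg type that lacks the JPEG signature. The extension list, function names, form field name and sample request are assumptions constructed for illustration.

```python
import os
from email import message_from_bytes

EXECUTABLE_EXTS = {".php", ".phtml", ".php5", ".phar"}  # assumed deny-list
JPEG_MAGIC = b"\xff\xd8\xff"  # first bytes of every JPEG file


def inspect_upload(content_type_header, body):
    """Return (filename, declared_type, reasons) for each suspicious file part."""
    # Reuse the stdlib MIME parser by prepending the request's Content-Type.
    raw = b"Content-Type: " + content_type_header.encode("ascii") + b"\r\n\r\n" + body
    findings = []
    for part in message_from_bytes(raw).walk():
        filename = part.get_filename()
        if not filename:  # multipart container or ordinary form field
            continue
        ext = os.path.splitext(filename)[1].lower()
        declared = part.get_content_type()
        data = part.get_payload(decode=True) or b""
        reasons = []
        if ext in EXECUTABLE_EXTS:
            reasons.append("executable extension " + ext)
        if declared == "image/jpeg" and not data.startswith(JPEG_MAGIC):
            reasons.append("declared image/jpeg but no JPEG signature")
        if reasons:
            findings.append((filename, declared, reasons))
    return findings


# Constructed sample request: one mislabelled .php part and one real JPEG header.
BOUNDARY = "constructedboundary42"
SAMPLE_CT = "multipart/form-data; boundary=" + BOUNDARY


def build_part(filename, ctype, data):
    head = ('--%s\r\nContent-Disposition: form-data; name="Filedata"; '
            'filename="%s"\r\nContent-Type: %s\r\n\r\n' % (BOUNDARY, filename, ctype))
    return head.encode("ascii") + data + b"\r\n"


CLOSE = ("--%s--\r\n" % BOUNDARY).encode("ascii")
CLEAN_BODY = build_part("photo.jpg", "image/jpeg", b"\xff\xd8\xff\xe0JFIF") + CLOSE
SAMPLE_BODY = build_part("report.php", "image/jpeg",
                         b"<?php /* constructed sample */ ?>") + CLEAN_BODY

if __name__ == "__main__":
    for name, declared, reasons in inspect_upload(SAMPLE_CT, SAMPLE_BODY):
        print(name, declared, "; ".join(reasons))
```

The same check can run over captured request bodies or in an upload handler placed in front of the affected URI.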

Exploit

Fix

Unrestricted File Upload


Weakness Enumeration

Related Identifiers

CVE-2019-10276

Affected Products

Western Bridge Cobub Razor