CVE-2018-8947

HIGH7.5EPSS 16.2%

Plaintext Storage of Sensitive Information in Laravel Log Viewer before v0.13.0

Published: 5/13/2022Modified: 2/16/2024

Description

rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 encoding for l, dl, and del requests, which makes it easier for remote attackers to bypass intended access restrictions, as demonstrated by reading arbitrary files via a dl request.

Affected packages (1)

Packagist/rap2hpoutre/laravel-log-viewerfrom 0, < 0.13.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-8947
WEBhttps://github.com/rap2hpoutre/laravel-log-viewer/commit/cda89c06dc5331d06fab863d7cb1c4047ad68357
WEBhttps://github.com/rap2hpoutre/laravel-log-viewer/releases/tag/v0.13.0
WEBhttps://www.exploit-db.com/exploits/44343