CVE-2018-8947

HIGH 7.5, EPSS 16.2%

Plaintext Storage of Sensitive Information in Laravel Log Viewer before v0.13.0

Published: 2022/5/13
Modified: 2024/2/16

Description

rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 encoding for l, dl, and del requests, which makes it easier for remote attackers to bypass intended access restrictions, as demonstrated by reading arbitrary files via a dl request.

Affected packages (1)

CVSS score

Source | Version | Severity | Vector
osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References (4)