Vulnerability Details CVE-2018-8947
rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 encoding for l, dl, and del requests, which makes it easier for remote attackers to bypass intended access restrictions, as demonstrated by reading arbitrary files via a dl request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.169
EPSS Ranking 94.6%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://github.com/rap2hpoutre/laravel-log-viewer/commit/cda89c06dc5331d06fab863d7cb1c4047ad68357
- https://github.com/rap2hpoutre/laravel-log-viewer/releases/tag/v0.13.0
- https://www.exploit-db.com/exploits/44343/
- https://github.com/rap2hpoutre/laravel-log-viewer/commit/cda89c06dc5331d06fab863d7cb1c4047ad68357
- https://github.com/rap2hpoutre/laravel-log-viewer/releases/tag/v0.13.0
- https://www.exploit-db.com/exploits/44343/
Products affected by CVE-2018-8947
-
cpe:2.3:a:laravel_log_viewer_project:laravel_log_viewer:0.1.0
-
cpe:2.3:a:laravel_log_viewer_project:laravel_log_viewer:0.1.1
-
cpe:2.3:a:laravel_log_viewer_project:laravel_log_viewer:0.1.10
-
cpe:2.3:a:laravel_log_viewer_project:laravel_log_viewer:0.1.2
-
cpe:2.3:a:laravel_log_viewer_project:laravel_log_viewer:0.1.3
-
cpe:2.3:a:laravel_log_viewer_project:laravel_log_viewer:0.1.4
-
cpe:2.3:a:laravel_log_viewer_project:laravel_log_viewer:0.1.5
-
cpe:2.3:a:laravel_log_viewer_project:laravel_log_viewer:0.1.6
-
cpe:2.3:a:laravel_log_viewer_project:laravel_log_viewer:0.1.7
-
cpe:2.3:a:laravel_log_viewer_project:laravel_log_viewer:0.1.8
-
cpe:2.3:a:laravel_log_viewer_project:laravel_log_viewer:0.1.9
-
cpe:2.3:a:laravel_log_viewer_project:laravel_log_viewer:0.10.0
-
cpe:2.3:a:laravel_log_viewer_project:laravel_log_viewer:0.10.1
-
cpe:2.3:a:laravel_log_viewer_project:laravel_log_viewer:0.10.2
-
cpe:2.3:a:laravel_log_viewer_project:laravel_log_viewer:0.10.3
-
cpe:2.3:a:laravel_log_viewer_project:laravel_log_viewer:0.10.4
-
cpe:2.3:a:laravel_log_viewer_project:laravel_log_viewer:0.11.0
-
cpe:2.3:a:laravel_log_viewer_project:laravel_log_viewer:0.11.1
-
cpe:2.3:a:laravel_log_viewer_project:laravel_log_viewer:0.11.2
-
cpe:2.3:a:laravel_log_viewer_project:laravel_log_viewer:0.12.0
-
cpe:2.3:a:laravel_log_viewer_project:laravel_log_viewer:0.2.0
-
cpe:2.3:a:laravel_log_viewer_project:laravel_log_viewer:0.2.1
-
cpe:2.3:a:laravel_log_viewer_project:laravel_log_viewer:0.2.2
-
cpe:2.3:a:laravel_log_viewer_project:laravel_log_viewer:0.2.3
-
cpe:2.3:a:laravel_log_viewer_project:laravel_log_viewer:0.2.4
-
cpe:2.3:a:laravel_log_viewer_project:laravel_log_viewer:0.2.5
-
cpe:2.3:a:laravel_log_viewer_project:laravel_log_viewer:0.2.6
-
cpe:2.3:a:laravel_log_viewer_project:laravel_log_viewer:0.2.7
-
cpe:2.3:a:laravel_log_viewer_project:laravel_log_viewer:0.2.8
-
cpe:2.3:a:laravel_log_viewer_project:laravel_log_viewer:0.3.0
-
cpe:2.3:a:laravel_log_viewer_project:laravel_log_viewer:0.4.0
-
cpe:2.3:a:laravel_log_viewer_project:laravel_log_viewer:0.4.1
-
cpe:2.3:a:laravel_log_viewer_project:laravel_log_viewer:0.4.2
-
cpe:2.3:a:laravel_log_viewer_project:laravel_log_viewer:0.4.3
-
cpe:2.3:a:laravel_log_viewer_project:laravel_log_viewer:0.5.0
-
cpe:2.3:a:laravel_log_viewer_project:laravel_log_viewer:0.5.1
-
cpe:2.3:a:laravel_log_viewer_project:laravel_log_viewer:0.5.2
-
cpe:2.3:a:laravel_log_viewer_project:laravel_log_viewer:0.5.3
-
cpe:2.3:a:laravel_log_viewer_project:laravel_log_viewer:0.6.0
-
cpe:2.3:a:laravel_log_viewer_project:laravel_log_viewer:0.6.1
-
cpe:2.3:a:laravel_log_viewer_project:laravel_log_viewer:0.7.0
-
cpe:2.3:a:laravel_log_viewer_project:laravel_log_viewer:0.7.1
-
cpe:2.3:a:laravel_log_viewer_project:laravel_log_viewer:0.8.0
-
cpe:2.3:a:laravel_log_viewer_project:laravel_log_viewer:0.8.1
-
cpe:2.3:a:laravel_log_viewer_project:laravel_log_viewer:0.9.0