Vulnerability Details CVE-2021-32752
Ether Logs is a package that allows one to check one's logs in the Craft 3 utilities section. A vulnerability was found in versions prior to 3.0.4 that allowed authenticated admin users to access any file on the server. The vulnerability has been fixed in version 3.0.4. As a workaround, one may disable the plugin if untrustworthy sources have admin access.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.3%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 4.0
References
Products affected by CVE-2021-32752
-
cpe:2.3:a:ethercreative:logs:3.0.0
-
cpe:2.3:a:ethercreative:logs:3.0.1
-
cpe:2.3:a:ethercreative:logs:3.0.2
-
cpe:2.3:a:ethercreative:logs:3.0.3