Ethercreative: >> Logs Security Vulnerabilities
The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to read arbitrary files via input to actionStream in Controller.php.
CVSS Score
4.9
EPSS Score
0.051
Published
2022-01-31
Ether Logs is a package that allows one to check one's logs in the Craft 3 utilities section. A vulnerability was found in versions prior to 3.0.4 that allowed authenticated admin users to access any file on the server. The vulnerability has been fixed in version 3.0.4. As a workaround, one may disable the plugin if untrustworthy sources have admin access.
CVSS Score
7.2
EPSS Score
0.005
Published
2021-07-09