Vulnerability Details: CVE-2018-8947
Public exploit exists!
rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 encoding for l, dl, and del requests, which makes it easier for remote attackers to bypass intended access restrictions, as demonstrated by reading arbitrary files via a dl request.
Products affected by CVE-2018-8947
- cpe:2.3:a:laravel_log_viewer_project:laravel_log_viewer:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-8947
- 6.36%: probability of exploitation activity in the next 30 days
- ~ 93%: percentile, the proportion of vulnerabilities that are scored at or below this score
CVSS scores for CVE-2018-8947
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2018-8947
- The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-8947
- https://www.exploit-db.com/exploits/44343/
  Laravel Log Viewer < 0.13.0 - Local File Download (Exploit; Third Party Advisory; VDB Entry)
- https://github.com/rap2hpoutre/laravel-log-viewer/commit/cda89c06dc5331d06fab863d7cb1c4047ad68357
  security fix · rap2hpoutre/laravel-log-viewer@cda89c0 · GitHub (Patch; Third Party Advisory)
- https://github.com/rap2hpoutre/laravel-log-viewer/releases/tag/v0.13.0
  Release v0.13.0 · rap2hpoutre/laravel-log-viewer · GitHub (Third Party Advisory)