Vulnerability Details : CVE-2018-8947
Public exploit exists!
rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 encoding for l, dl, and del requests, which makes it easier for remote attackers to bypass intended access restrictions, as demonstrated by reading arbitrary files via a dl request.
Exploit prediction scoring system (EPSS) score for CVE-2018-8947
Probability of exploitation activity in the next 30 days: 6.36%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 93 %
CVSS scores for CVE-2018-8947
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST |
CWE ids for CVE-2018-8947
- The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-8947
- https://www.exploit-db.com/exploits/44343/
  Laravel Log Viewer < 0.13.0 - Local File Download (Exploit; Third Party Advisory; VDB Entry)
- https://github.com/rap2hpoutre/laravel-log-viewer/commit/cda89c06dc5331d06fab863d7cb1c4047ad68357
  security fix · rap2hpoutre/laravel-log-viewer@cda89c0 · GitHub (Patch; Third Party Advisory)
- https://github.com/rap2hpoutre/laravel-log-viewer/releases/tag/v0.13.0
  Release v0.13.0 · rap2hpoutre/laravel-log-viewer · GitHub (Third Party Advisory)
Products affected by CVE-2018-8947
- cpe:2.3:a:laravel_log_viewer_project:laravel_log_viewer:*:*:*:*:*:*:*:*