CVE-2018-8947
Laravel Log Viewer < 0.13.0 - Local File Download
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 encoding for l, dl, and del requests, which makes it easier for remote attackers to bypass intended access restrictions, as demonstrated by reading arbitrary files via a dl request.
rap2hpoutre Laravel Log Viewer en versiones anteriores a la v0.13.0 confía en la codificación Base64 para peticiones l, dl y del, lo que facilita a los atacantes remotos omitir las restricciones de acceso planeadas, tal y como queda demostrado al leer archivos arbitrarios con una petición dl.
Laravel Log Viewer versions prior to 0.13.0 suffers from a local file download vulnerability.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-03-23 CVE Reserved
- 2018-03-25 CVE Published
- 2021-10-29 First Exploit
- 2023-08-16 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-312: Cleartext Storage of Sensitive Information
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://github.com/rap2hpoutre/laravel-log-viewer/releases/tag/v0.13.0 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/44343 | 2024-08-05 | |
| https://github.com/scopion/CVE-2018-8947 | 2021-10-29 |
| URL | Date | SRC |
|---|---|---|
| https://github.com/rap2hpoutre/laravel-log-viewer/commit/cda89c06dc5331d06fab863d7cb1c4047ad68357 | 2019-10-03 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Laravel Log Viewer Project Search vendor "Laravel Log Viewer Project" | Laravel Log Viewer Search vendor "Laravel Log Viewer Project" for product "Laravel Log Viewer" | < 0.13.0 Search vendor "Laravel Log Viewer Project" for product "Laravel Log Viewer" and version " < 0.13.0" | - |
Affected
| ||||||