Vulnerability Description
rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 encoding for l, dl, and del requests, which makes it easier for remote attackers to bypass intended access restrictions, as demonstrated by reading arbitrary files via a dl request.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Laravel Log Viewer Project | Laravel Log Viewer | < 0.13.0 |
Related Weaknesses (CWE)
References
- https://github.com/rap2hpoutre/laravel-log-viewer/commit/cda89c06dc5331d06fab863PatchThird Party Advisory
- https://github.com/rap2hpoutre/laravel-log-viewer/releases/tag/v0.13.0Third Party Advisory
- https://www.exploit-db.com/exploits/44343/ExploitThird Party AdvisoryVDB Entry
- https://github.com/rap2hpoutre/laravel-log-viewer/commit/cda89c06dc5331d06fab863PatchThird Party Advisory
- https://github.com/rap2hpoutre/laravel-log-viewer/releases/tag/v0.13.0Third Party Advisory
- https://www.exploit-db.com/exploits/44343/ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2018-8947?
CVE-2018-8947 is a vulnerability with a CVSS score of 7.5 (HIGH). rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 encoding for l, dl, and del requests, which makes it easier for remote attackers to bypass intended access restrictions, as demonstrated ...
How severe is CVE-2018-8947?
CVE-2018-8947 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-8947?
Check the references section above for vendor advisories and patch information. Affected products include: Laravel Log Viewer Project Laravel Log Viewer.