CVE-2018-8947

HIGH

rap2hpoutre Laravel Log Viewer < 0.13.0 - Cleartext Storage of Sensitive Information via Base64 Encoding

Title source: llm
Exploitation Summary

EIP tracks 3 public exploits for CVE-2018-8947. PoCs published by Haboob Team, enkidu.zhang, scopion.

Description

rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 encoding for l, dl, and del requests, which makes it easier for remote attackers to bypass intended access restrictions, as demonstrated by reading arbitrary files via a dl request.

Exploits (3)

exploitdb WORKING POC
by Haboob Team · python · webapps · php
https://www.exploit-db.com/exploits/44343

This exploit leverages an unauthorized file download vulnerability in Laravel log viewer by rap2hpoutre (CVE-2018-8947). It allows an attacker to download arbitrary files accessible to the Laravel application by encoding the file path in base64 and appending it to the vulnerable endpoint.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Laravel log viewer by rap2hpoutre v0.12.0 and below
No auth needed
Prerequisites: Access to the vulnerable Laravel log viewer endpoint
devstral-2 · analyzed Feb 16, 2026

gitlab WORKING POC
by enkidu.zhang · poc
https://gitlab.com/enkidu.zhang/CVE-2018-8947

This PoC exploits an arbitrary file download vulnerability in Laravel log viewer by rap2hpoutre (CVE-2018-8947). It allows unauthorized users to download any file accessible to the Laravel application by encoding the file path in base64 and appending it to the logs endpoint.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: rap2hpoutre/laravel-log-viewer v0.12.0 and below
No auth needed
Prerequisites: vulnerable Laravel log viewer installation · network access to the target
devstral-2 · analyzed Apr 10, 2026

nomisec WORKING POC
by scopion · poc
https://github.com/scopion/CVE-2018-8947

This PoC exploits an unauthorized local file download vulnerability in Laravel log viewer by rap2hpoutre (CVE-2018-8947). It allows an attacker to download arbitrary files by encoding the target file path in base64 and appending it to the vulnerable endpoint.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: rap2hpoutre/laravel-log-viewer v0.12.0 and below
No auth needed
Prerequisites: Vulnerable Laravel log viewer instance with accessible endpoint
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44343/

Scores

CVSS v3 7.5
EPSS 0.1163
EPSS Percentile 95.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE CWE-312
Status published
Products (2)
laravel_log_viewer_project/laravel_log_viewer < 0.13.0
rap2hpoutre/laravel-log-viewer 0 - 0.13.0 (Packagist)
Published Mar 25, 2018
Tracked Since Feb 18, 2026