CVE-2018-8947

HIGH

Laravel Log Viewer < 0.13.0 - Cleartext Storage

Title source: rule

Description

rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 encoding for l, dl, and del requests, which makes it easier for remote attackers to bypass intended access restrictions, as demonstrated by reading arbitrary files via a dl request.

Exploits (3)

exploitdb WORKING POC
by Haboob Team · python · webapps · php
https://www.exploit-db.com/exploits/44343
gitlab WORKING POC
by enkidu.zhang · poc
https://gitlab.com/enkidu.zhang/CVE-2018-8947
nomisec WORKING POC
by scopion · poc
https://github.com/scopion/CVE-2018-8947

Scores

CVSS v3 7.5
EPSS 0.1617
EPSS Percentile 94.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE CWE-312
Status published
Products (2)
laravel_log_viewer_project/laravel_log_viewer < 0.13.0
rap2hpoutre/laravel-log-viewer 0 - 0.13.0 (Packagist)
Published Mar 25, 2018
Tracked Since Feb 18, 2026