← back
CVE-2018-8947

CVE-2018-8947

EPSS 11.6%
rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 encoding for l, dl, and del requests, which makes it easier for remote attackers to bypass intended access restrictions, as demonstrated by reading arbitrary files via a dl request.
Affected products
n/a · n/a
public PoCs found3
githubgithub.com/scopion/CVE-2018-89470cve_referencewww.exploit-db.com/exploits/44343/unverifiedexploitdbwww.exploit-db.com/exploits/44343unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/rap2hpoutre/laravel-log-viewer/commit/cda89c06dc5331d06fab863d7cb1c4047ad68357https://github.com/rap2hpoutre/laravel-log-viewer/releases/tag/v0.13.0https://www.exploit-db.com/exploits/44343/