Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Files or Directories Accessible to External Parties in ether/logs
Vulnerability Description
Ether Logs is a package that allows one to check one's logs in the Craft 3 utilities section. A vulnerability was found in versions prior to 3.0.4 that allowed authenticated admin users to access any file on the server. The vulnerability has been fixed in version 3.0.4. As a workaround, one may disable the plugin if untrustworthy sources have admin access.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
对外部实体的文件或目录可访问
Vulnerability Title
Ether Logs 信息泄露漏洞
Vulnerability Description
Ether Logs是一个软件包。 Ether Logs 3.0.4 之前的版本中存在安全漏洞,该漏洞允许经过身份验证的管理员用户访问服务器上的任何文件。
CVSS Information
N/A
Vulnerability Type
N/A