Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Ethercreative Subscribe
Filtered by product Logs
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-23409 1 Ethercreative 1 Logs 2022-02-04 4.0 MEDIUM 4.9 MEDIUM
The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to read arbitrary files via input to actionStream in Controller.php.
CVE-2021-32752 1 Ethercreative 1 Logs 2021-07-22 4.0 MEDIUM 4.9 MEDIUM
Ether Logs is a package that allows one to check one's logs in the Craft 3 utilities section. A vulnerability was found in versions prior to 3.0.4 that allowed authenticated admin users to access any file on the server. The vulnerability has been fixed in version 3.0.4. As a workaround, one may disable the plugin if untrustworthy sources have admin access.