Laravel log viewer local file download (LFD)

Description
  • Laravel Log Viewer is a log viewer for Laravel 5 (compatible with 4.2 too) and Lumen.

    Laravel Log Viewer before v0.13.0 relies on Base64 encoding of filenames for the l, dl, and del endpoints, which makes it easier for remote attackers to bypass access restrictions, as demonstrated by reading arbitrary files via a dl request.

Remediation
  • Upgrade to the latest version of Laravel Log Viewer. This vulnerability was fixed in Laravel Log Viewer v0.13.0.
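
    To review web server logs from an installation that ran a version before v0.13.0, the following added example (not code from the Laravel Log Viewer project) decodes the Base64 values of the l, dl and del parameters and reports those that resolve outside the log directory. The log directory, the /logs route and the sample requests are assumptions constructed for illustration.

```python
import base64
import binascii
import posixpath
from urllib.parse import parse_qsl, urlsplit

LOG_DIR = "/var/www/app/storage/logs"   # assumed log directory, no trailing slash
FILE_PARAMS = {"l", "dl", "del"}        # parameters named in the advisory

def decode_name(value):
    """Base64-decode a parameter value; None if it is not valid Base64 text."""
    value = value.replace(" ", "+")      # parse_qsl turns '+' into a space
    value += "=" * (-len(value) % 4)     # tolerate stripped padding
    try:
        return base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None

def outside_log_dir(name, log_dir=LOG_DIR):
    """True when the decoded name resolves to a path outside log_dir."""
    resolved = posixpath.normpath(posixpath.join(log_dir, name))
    return posixpath.commonpath([log_dir, resolved]) != log_dir

def suspicious_requests(urls, log_dir=LOG_DIR):
    """Return (url, param, decoded_name); None name means undecodable, review by hand."""
    hits = []
    for url in urls:
        for key, value in parse_qsl(urlsplit(url).query):
            if key in FILE_PARAMS:
                name = decode_name(value)
                if name is None or outside_log_dir(name, log_dir):
                    hits.append((url, key, name))
    return hits

def b64(name):
    return base64.b64encode(name.encode()).decode()

# Constructed sample requests; the "/logs" route and file names are assumptions.
SAMPLE_URLS = [
    "/logs?l=" + b64("laravel.log"),
    "/logs?dl=" + b64("../../outside.txt"),
    "/logs?del=" + b64("/tmp/outside.txt"),
    "/logs?page=2",
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_URLS):
        print(hit)
```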

References