CVE-2022-23409

CVE-2022-23409 concerns the Craft CMS Logs plugin (Ethercreative Logs) prior to version 3.0.4. Root cause: path traversal through input to actionStream in Controller.php, enabling remote attackers to read arbitrary files. Affected: Logs plugin for Craft CMS, versions before 3.0.4. Impact: unautho...

CVE-2021-32752

Ether Logs (Craft 3) prior to version 3.0.4 is affected. An authenticated admin can access any file on the server due to a vulnerability in the plugin’s handling of file access. The issue has been fixed in version 3.0.4. As a workaround, disable the plugin if admin access by untrusted sources is ...