CVE-2021-32752

Summary

Ether Logs is a package that allows one to check one's logs in the Craft 3 utilities section. A vulnerability was found in versions prior to 3.0.4 that allowed authenticated admin users to access any file on the server. The vulnerability has been fixed in version 3.0.4. As a workaround, one may disable the plugin if untrustworthy sources have admin access.

Affected Software

VendorProductVersion RangeStatus
ethercreativelogs< 3.0.4affected

Weaknesses

  • CWE-552: CWE-552: Files or Directories Accessible to External Parties

ADP Enrichment

CVE Program Container

Additional References

References