Description

Laravel is a popular PHP web application framework. A publicly accessble Laravel log file (/storage/logs/laravel.log) was found in this directory.

This file may expose sensitive information that could help a malicious user to prepare more advanced attacks. It's recommended to remove or restrict access to this type of files from production systems.

Remediation

Remove or restrict access from the internet to this type of files.

References

Laravel Logging

Related Vulnerabilities

JBoss status servlet information leak

Session ID in URL

Apache Tomcat examples directory vulnerabilities

WordPress Plugin MP3-jPlayer Local File Disclosure (2.3)

WordPress Plugin WooCommerce Information Disclosure (4.5.2)

Severity

Medium

Classification

CWE-538 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Test Files