Description
Laravel log viewer is a log viewer for Laravel 5 (compatible with 4.2 too) and Lumen.
Laravel Log Viewer before version v0.13.0 relies on Base64 encoding of filenames for l, dl, and del endpoints, which makes it easier for remote attackers to bypass access restrictions, as demonstrated by reading arbitrary files via a dl request.
Remediation
Upgrade to the latest version of Laravel Log Viewer. This vulnerability was fixed in Laravel Log Viewer v0.13.0.
References
Related Vulnerabilities
Joomla! Core 3.9.x Directory Traversal (3.9.3 - 3.9.5)
WordPress Plugin Responsive Owl Carousel for Elementor Local File Inclusion (1.2.0)
WordPress Plugin Add From Server Directory Traversal (3.3.3)
Oracle JavaServer Faces multiple vulnerabilities
WordPress Plugin Adavnced Video embed Local File Inclusion (1.0)