otale Tale Blog Improper Authentication Vulnerability in Admin Logs API

Vulnerability

An improper authentication vulnerability has been identified in otale Tale Blog version 2.0.5. It allows unauthorized access to the admin logs API, bypassing the login requirement. The affected path is '/%61dmin/api/logs', where '%61' is the percent-encoded form of the letter 'a', and it can be exploited remotely. This version of the software is no longer supported by the maintainer.

Impact

Exploitation of this vulnerability allows unauthorized users to read sensitive administrative log data, potentially including administrator account passwords. The underlying defect is a failure of permission verification.

Reproduction

Accessing the '/%61dmin/api/logs' endpoint directly bypasses authentication, revealing sensitive log information. This can be done remotely without any login credentials.
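
As an added example (not code from Tale Blog or from this advisory), the Python below contrasts a login check that tests the raw request path with one that canonicalizes the path first, and uses the difference to flag matching requests in access logs. That the flaw is a raw-path prefix comparison is an assumption, since the page does not show the project's code; the function names, the '/admin' prefix and the log lines are constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

PROTECTED_PREFIX = "/admin"  # assumption: decoded form of the path named on this page

SAMPLE_LOG = [  # constructed access-log lines, not captured traffic
    '203.0.113.7 - - [09/Jun/2025:19:40:01 +0000] "GET /%61dmin/api/logs HTTP/1.1" 200 5120',
    '203.0.113.7 - - [09/Jun/2025:19:40:05 +0000] "GET /admin/api/logs HTTP/1.1" 302 0',
    '198.51.100.4 - - [09/Jun/2025:19:41:10 +0000] "GET /archives HTTP/1.1" 200 2048',
]

def naive_requires_login(target):
    # Assumed flawed check: tests the raw, still-encoded request target.
    return target.startswith(PROTECTED_PREFIX)

def canonical_path(target, max_rounds=3):
    path = target.partition("?")[0]          # drop the query string
    for _ in range(max_rounds):              # bounded loop also covers double encoding
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        raise ValueError("path still encoded after max_rounds; reject the request")
    # Collapse '//', '/./' and '/../' so the prefix test sees the final path.
    return posixpath.normpath("/" + path.lstrip("/"))

def hardened_requires_login(target):
    path = canonical_path(target)
    return path == PROTECTED_PREFIX or path.startswith(PROTECTED_PREFIX + "/")

def suspicious_requests(lines):
    # Flag requests that reach the protected area only after canonicalization.
    hits = []
    for line in lines:
        target = line.split('"')[1].split()[1]   # 'GET <target> HTTP/1.1'
        try:
            bypass = hardened_requires_login(target) and not naive_requires_login(target)
        except ValueError:
            bypass = True                        # over-encoded paths are suspicious too
        if bypass:
            hits.append(target)
    return hits

if __name__ == "__main__":
    for target in suspicious_requests(SAMPLE_LOG):
        print("review:", target)
```

On an unsupported release, the same canonicalize-then-compare rule can be enforced at a reverse proxy in front of the application, and the log check can be run over historical access logs to look for earlier hits.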

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 8.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.