zrlog v2.1.0 has a vulnerability with the permission check. If admin account is logged in, other unauthorized users can download the database backup file directly.
https://github.com/94fzb/zrlog/issues/48
https://github.com/94fzb/zrlog/commit/b2b4415e2e59b6f18b0a62b633e71c96d63c43ba
Source: Mitre, NVD
Published: 2020-08-25
Updated: 2026-06-17
Base Score: 3.5
Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N
Severity: Low
Base Score: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Severity: Medium
EPSS: 0.00193