The Logs plugin prior to 3.0.4 for Craft CMS allows remote malicious users to read arbitrary files via input to actionStream in Controller.php.
ethercreative logs