This content originally appeared on DEV Community and was authored by Freedom Coder
CVE ID
CVE-2018-15133
Vulnerability Name
Laravel Deserialization of Untrusted Data Vulnerability
- Project: Laravel
- Product: Laravel Framework
Date
- Date Added: 2024-01-16
- Due Date: 2024-02-06
Description
Laravel Framework contains a deserialization of untrusted data vulnerability that allows remote command execution. The vulnerability can only be exploited if a malicious user has obtained the application encryption key (the APP_KEY environment variable).
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional Notes
- https://laravel.com/docs/5.6/upgrade#upgrade-5.6.30
- https://nvd.nist.gov/vuln/detail/CVE-2018-15133
Related Security News
- Over 600 Laravel Apps Exposed to Remote Code Execution Due to Leaked APP_KEYs on GitHub
- AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services