Lucene search
K

39 matches found

Vulnrichment
Vulnrichment
added 2024/10/11 12:0 a.m.17 views

CVE-2024-48987

Snipe-IT before 7.0.10 allows remote code execution associated with cookie serialization when an attacker knows the APPKEY. This is exacerbated by .env files, available from the product's repository, that have default APPKEY values...

7.8AI score0.00962EPSS
Exploits1References2
OSV
OSV
added 2024/10/11 12:0 a.m.13 views

CVE-2024-48987

Snipe-IT before 7.0.10 allows remote code execution associated with cookie serialization when an attacker knows the APPKEY. This is exacerbated by .env files, available from the product's repository, that have default APPKEY values...

6.6CVSS7.7AI score0.00962EPSS
Exploits1References4
CVE
CVE
added 2024/10/11 12:0 a.m.98 views

CVE-2024-48987

CVE-2024-48987 affects Snipe-IT prior to 7.0.10. The vulnerability enables remote code execution through cookie handling when an attacker knows the APP_KEY, with risk amplified by default APP_KEY values in .env files in the repository. Affected component is the cookie deserialization path; root c...

6.6CVSS8.1AI score0.00962EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2024/03/22 5:15 p.m.11 views

CVE-2024-29185

FreeScout is a self-hosted help desk and shared mailbox. Versions prior to 1.8.128 are vulnerable to OS Command Injection in the /public/tools.php source file. The value of the phppath parameter is being executed as an OS command by the shellexec function, without validating it. This allows an...

9CVSS9.6AI score0.01731EPSS
Exploits1References1
NVD
NVD
added 2022/09/29 3:15 a.m.21 views

CVE-2020-15330

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APPKEY in /opt/axess/etc/default/axess...

5.3CVSS0.00572EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2022/05/14 1:48 a.m.29 views

LFI in PHP-Proxy 5.1.0

PHP-Proxy 5.1.0 allows remote attackers to read local files if the default "pre-installed version" intended for users who lack shell access to their web server is used. This occurs because the aeb067ca0aa9a3193dce3a7264c90187 appkey value from the default config.php is in place, and this value ca...

7.5CVSS6.6AI score0.21951EPSS
Exploits5References5Affected Software1
NVD
NVD
added 2022/01/31 6:15 p.m.34 views

CVE-2021-42635

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcoded APPKEY value, leading to pre-auth remote code execution...

9.3CVSS0.05524EPSS
Exploits1References6
Cvelist
Cvelist
added 2022/01/31 5:54 p.m.203 views

CVE-2021-42635

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcoded APPKEY value, leading to pre-auth remote code execution...

8.6AI score0.05524EPSS
Exploits1References6
NVD
NVD
added 2021/03/03 5:15 p.m.17 views

CVE-2021-21979

In Bitnami Containers, all Laravel container versions prior to: 6.20.0-debian-10-r107 for Laravel 6, 7.30.1-debian-10-r108 for Laravel 7 and 8.5.11-debian-10-r0 for Laravel 8, the file /tmp/app/.env is generated at the time that the docker image bitnami/laravel was built, and the value of APPKEY ...

7.5CVSS0.00645EPSS
Exploits1References1
Prion
Prion
added 2021/03/03 5:15 p.m.16 views

Design/Logic Flaw

In Bitnami Containers, all Laravel container versions prior to: 6.20.0-debian-10-r107 for Laravel 6, 7.30.1-debian-10-r108 for Laravel 7 and 8.5.11-debian-10-r0 for Laravel 8, the file /tmp/app/.env is generated at the time that the docker image bitnami/laravel was built, and the value of APPKEY ...

7.5CVSS7.2AI score0.00645EPSS
Exploits1References1Affected Software1
Hacker One
Hacker One
added 2020/12/03 5:23 a.m.26 views

MTN Group: PHP Info Exposing Secrets at https://radio.mtn.bj/info

Summary: During recon I discovered a PHP Info file exposing environment variables such as; Laravel APPKEY, Database username/password, SMTP username/password, etc. Steps To Reproduce: Visit the following URL; https://radio.mtn.bj/info You will be presented with a PHP Info file exposing environmen...

7.2AI score
Exploits0
CVE
CVE
added 2020/06/26 2:41 p.m.51 views

CVE-2020-15330

Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1 contain a hardcoded APP_KEY in /opt/axess/etc/default/axess. This root cause enables potential unauthorized access or abuse tied to the fixed key, as described in multiple sources. The vulnerability affects the software right in the stated versi...

5.3CVSS5.3AI score0.00572EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/06/26 2:41 p.m.28 views

CVE-2020-15330

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APPKEY in /opt/axess/etc/default/axess...

5.3AI score0.00572EPSS
Exploits1References2
Exploit DB
Exploit DB
added 2019/07/16 12:0 a.m.275 views

PHP Laravel Framework 5.5.40 / 5.6.x < 5.6.30 - token Unserialize Remote Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PHP Laravel Framework token Unserialize Remote Command Execution', 'Description' = %q This module exploits a vulnerability in the PHP Laravel...

7.5CVSS8.1AI score0.8703EPSS
Exploits4
0day.today
0day.today
added 2019/07/15 12:0 a.m.121 views

PHP Laravel Framework Token Unserialize Remote Command Execution Exploit

This Metasploit module exploits a vulnerability in the PHP Laravel Framework for versions 5.5.40, 5.6.x up to 5.6.29. Remote command execution is possible via a correctly formatted HTTP X-XSRF-TOKEN header, due to an insecure unserialize call of the decrypt method in...

8.1CVSS0.4AI score0.8703EPSS
Exploits12
Packet Storm
Packet Storm
added 2019/07/15 12:0 a.m.264 views

PHP Laravel Framework Token Unserialize Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PHP Laravel Framework token Unserialize Remote Command Execution', 'Description' = %q This module exploits a vulnerability in the PHP Laravel...

6.8CVSS0.6AI score0.8703EPSS
Exploits12
Metasploit
Metasploit
added 2019/07/07 2:50 p.m.117 views

PHP Laravel Framework token Unserialize Remote Command Execution

This module exploits a vulnerability in the PHP Laravel Framework for versions 5.5.40, 5.6.x 'PHP Laravel Framework token Unserialize Remote Command Execution', 'Description' = %q This module exploits a vulnerability in the PHP Laravel Framework for versions 5.5.40, 5.6.x = 5.6.29. Remote Command...

8.1CVSS0.4AI score0.8703EPSS
Exploits12
OSV
OSV
added 2018/11/13 9:29 a.m.3 views

CVE-2018-19246

PHP-Proxy 5.1.0 allows remote attackers to read local files if the default "pre-installed version" intended for users who lack shell access to their web server is used. This occurs because the aeb067ca0aa9a3193dce3a7264c90187 appkey value from the default config.php is in place, and this value ca...

7.5CVSS5.8AI score0.21951EPSS
Exploits5References2
GithubExploit
GithubExploit
added 2018/08/14 6:51 p.m.40 views

Exploit for Deserialization of Untrusted Data in Laravel

Laravel Remote Code Execution when APPKEY is leaked PoC CVE-...

8.1CVSS8.5AI score0.76814EPSS
Exploits11
Rows per page
Query Builder