Lucene search
K

7 matches found

Nuclei
Nuclei
added 5 days ago146 views

Laravel <5.5.21 - Information Disclosure

Laravel through 5.5.21 is susceptible to information disclosure. An attacker can obtain sensitive information such as externally usable passwords via a direct request for the /.env URI. NOTE: CVE pertains only to the writeNewEnvironmentFileWith function in...

7.5CVSS7.1AI score0.8703EPSS
Exploits4References5
Exploit DB
Exploit DB
added 2019/07/16 12:0 a.m.273 views

PHP Laravel Framework 5.5.40 / 5.6.x &lt; 5.6.30 - token Unserialize Remote Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PHP Laravel Framework token Unserialize Remote Command Execution', 'Description' = %q This module exploits a vulnerability in the PHP Laravel...

7.5CVSS8.1AI score0.8703EPSS
Exploits4
Circl
Circl
added 2019/07/12 2:46 p.m.17 views

CVE-2017-16894

creationtimestamp| type| source ---|---|--- 2019-07-12 14:46:12+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/http/laraveltokenunserializeexec.rb 2019-07-16 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/47129 2024-05-29...

7.5CVSS7.6AI score0.8703EPSS
Exploits4References5
OSV
OSV
added 2017/11/20 1:29 a.m.31 views

CVE-2017-16894

In Laravel framework through 5.5.21, remote attackers can obtain sensitive information such as externally usable passwords via a direct request for the /.env URI. NOTE: this CVE is only about Laravel framework's writeNewEnvironmentFileWith function in...

7.5CVSS6.4AI score
Exploits0References3
CVE
CVE
added 2017/11/20 1:0 a.m.366 views

CVE-2017-16894

CVE-2017-16894 affects Laravel up to version 5.5.21. Affected code path is writeNewEnvironmentFileWith in KeyGenerateCommand.php, which uses file_put_contents without restricting .env permissions, allowing an attacker to disclose the contents of the .env file via a direct request to /.env. The vu...

7.5CVSS7.3AI score0.8703EPSS
In wildExploits4References3Affected Software1
Debian CVE
Debian CVE
added 2017/11/20 1:0 a.m.33 views

CVE-2017-16894

In Laravel framework through 5.5.21, remote attackers can obtain sensitive information such as externally usable passwords via a direct request for the /.env URI. NOTE: this CVE is only about Laravel framework's writeNewEnvironmentFileWith function in...

7.5CVSS7.4AI score0.8703EPSS
Exploits4
Cvelist
Cvelist
added 2017/11/20 1:0 a.m.35 views

CVE-2017-16894

In Laravel framework through 5.5.21, remote attackers can obtain sensitive information such as externally usable passwords via a direct request for the /.env URI. NOTE: this CVE is only about Laravel framework's writeNewEnvironmentFileWith function in...

7.5AI score0.8703EPSS
Exploits4References3
Rows per page
Query Builder