7 matches found
Laravel <5.5.21 - Information Disclosure
Laravel through 5.5.21 is susceptible to information disclosure. An attacker can obtain sensitive information such as externally usable passwords via a direct request for the /.env URI. NOTE: CVE pertains only to the writeNewEnvironmentFileWith function in...
PHP Laravel Framework 5.5.40 / 5.6.x < 5.6.30 - token Unserialize Remote Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PHP Laravel Framework token Unserialize Remote Command Execution', 'Description' = %q This module exploits a vulnerability in the PHP Laravel...
CVE-2017-16894
creationtimestamp| type| source ---|---|--- 2019-07-12 14:46:12+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/http/laraveltokenunserializeexec.rb 2019-07-16 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/47129 2024-05-29...
CVE-2017-16894
In Laravel framework through 5.5.21, remote attackers can obtain sensitive information such as externally usable passwords via a direct request for the /.env URI. NOTE: this CVE is only about Laravel framework's writeNewEnvironmentFileWith function in...
CVE-2017-16894
CVE-2017-16894 affects Laravel up to version 5.5.21. Affected code path is writeNewEnvironmentFileWith in KeyGenerateCommand.php, which uses file_put_contents without restricting .env permissions, allowing an attacker to disclose the contents of the .env file via a direct request to /.env. The vu...
CVE-2017-16894
In Laravel framework through 5.5.21, remote attackers can obtain sensitive information such as externally usable passwords via a direct request for the /.env URI. NOTE: this CVE is only about Laravel framework's writeNewEnvironmentFileWith function in...
CVE-2017-16894
In Laravel framework through 5.5.21, remote attackers can obtain sensitive information such as externally usable passwords via a direct request for the /.env URI. NOTE: this CVE is only about Laravel framework's writeNewEnvironmentFileWith function in...