Lucene search
K

18 matches found

GithubExploit
GithubExploit
added 2025/11/19 11:16 p.m.204 views

Exploit for Deserialization of Untrusted Data in Laravel

CVE-2018-15133-PoC Este script Python implementa un exploit d...

8.1CVSS7.1AI score0.76814EPSS
Exploits11
OpenVAS
OpenVAS
added 2025/04/24 12:0 a.m.8 views

Laravel < 5.6.30 RCE Vulnerability

Laravel is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:laravel:laravel"; ...

8.1CVSS8.6AI score0.76814EPSS
Exploits11References3
The Hacker News
The Hacker News
added 2024/03/21 12:48 p.m.75 views

AndroxGh0st Malware Targets Laravel Apps to Steal Cloud Credentials

Cybersecurity researchers have shed light on a tool referred to as AndroxGh0st that's used to target Laravel applications and steal sensitive data. "It works by scanning and taking out important information from .env files, revealing login details linked to AWS and Twilio," Juniper Threat Labs...

9.8CVSS8AI score0.99999EPSS
Exploits179
Imperva Blog
Imperva Blog
added 2024/01/31 2:3 p.m.54 views

Imperva uncovers new Indicators of Compromise for FBI and CISA-flagged AndroxGh0st botnet

On January 16, a joint alert from FBI and CISA warned about a concerning development: the emergence of a botnet driven by AndroxGh0st malware targeting vulnerable applications and web servers. AndroxGh0st is a Python-based malware, first seen in late 2022, designed to target Laravel .env files an...

10CVSS8AI score0.99999EPSS
Exploits223
CISA
CISA
added 2024/01/16 12:0 p.m.13 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2018-15133 Laravel Deserialization of Untrusted Data Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose...

8.1CVSS9.7AI score0.76814EPSS
In wildExploits11References6
VulnCheck KEV
VulnCheck KEV
added 2023/03/17 12:0 a.m.6 views

VulnCheck KEV: CVE-2018-15133

Laravel Framework contains a deserialization of untrusted data vulnerability, allowing for remote command execution. This vulnerability may only be exploited if a malicious user has accessed the application encryption key APPKEY environment variable...

8.1CVSS7.3AI score0.76814EPSS
Exploits11References1
Check Point Advisories
Check Point Advisories
added 2021/06/30 12:0 a.m.12 views

Laravel Framework Remote Code Execution (CVE-2018-15133)

A command injection vulnerability exists in Laravel Framework. This is due to insufficient handling of X-XSRF-TOKEN header in phpgcc library. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

6.8CVSS4.7AI score0.76814EPSS
Exploits11
GithubExploit
GithubExploit
added 2021/01/03 8:6 a.m.16 views

Exploit for Deserialization of Untrusted Data in Laravel

CVE-2018-15133...

8.1CVSS8.1AI score0.76814EPSS
Exploits11
GithubExploit
GithubExploit
added 2020/12/21 10:2 p.m.84 views

Exploit for Deserialization of Untrusted Data in Laravel

| |...

8.1CVSS8.4AI score0.76814EPSS
Exploits11
GithubExploit
GithubExploit
added 2020/11/13 4:33 p.m.23 views

Exploit for Deserialization of Untrusted Data in Laravel

Laravel exploit for CVE-2018-15133 This code exploit CVE-201...

8.1CVSS8.6AI score0.76814EPSS
Exploits11
Exploit DB
Exploit DB
added 2019/07/16 12:0 a.m.275 views

PHP Laravel Framework 5.5.40 / 5.6.x &lt; 5.6.30 - token Unserialize Remote Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PHP Laravel Framework token Unserialize Remote Command Execution', 'Description' = %q This module exploits a vulnerability in the PHP Laravel...

7.5CVSS8.1AI score0.8703EPSS
Exploits4
Circl
Circl
added 2019/07/12 2:46 p.m.9 views

CVE-2018-15133

creationtimestamp| type| source ---|---|--- 2019-07-12 14:46:12+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/http/laraveltokenunserializeexec.rb 2019-07-16 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/47129 2019-10-07...

8.1CVSS7.4AI score0.76814EPSS
Exploits11References9
GithubExploit
GithubExploit
added 2018/08/14 6:51 p.m.39 views

Exploit for Deserialization of Untrusted Data in Laravel

Laravel Remote Code Execution when APPKEY is leaked PoC CVE-...

8.1CVSS8.5AI score0.76814EPSS
Exploits11
NVD
NVD
added 2018/08/09 7:29 p.m.18 views

CVE-2018-15133

In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in...

8.1CVSS8.3AI score0.76814EPSS
Exploits11References3
Vulnrichment
Vulnrichment
added 2018/08/09 7:0 p.m.11 views

CVE-2018-15133

In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in...

8.4AI score0.76814EPSS
Exploits11References2
CVE
CVE
added 2018/08/09 7:0 p.m.416 views

CVE-2018-15133

CVE-2018-15133 affects Laravel Framework up to 5.5.40 and 5.6.x up to 5.6.29. It enables remote code execution via a deserialization of untrusted data caused by an unserialize of a potentially untrusted X-XSRF-TOKEN value. The issue involves the decrypt method in Illuminate/Encryption/Encrypter.p...

8.1CVSS8.2AI score0.76814EPSS
In wildExploits11References3Affected Software1
Cvelist
Cvelist
added 2018/08/09 7:0 p.m.32 views

CVE-2018-15133

In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in...

8.3AI score0.76814EPSS
Exploits11References2
ATTACKERKB
ATTACKERKB
added 2018/08/09 12:0 a.m.1096 views

Laravel Framework Unserialize Token RCE (CVE-2018-15133)

In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in...

8.1CVSS7.9AI score0.8703EPSS
In wildExploits12References3
Rows per page
Query Builder