18 matches found
Exploit for Deserialization of Untrusted Data in Laravel
CVE-2018-15133-PoC Este script Python implementa un exploit d...
Laravel < 5.6.30 RCE Vulnerability
Laravel is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:laravel:laravel"; ...
AndroxGh0st Malware Targets Laravel Apps to Steal Cloud Credentials
Cybersecurity researchers have shed light on a tool referred to as AndroxGh0st that's used to target Laravel applications and steal sensitive data. "It works by scanning and taking out important information from .env files, revealing login details linked to AWS and Twilio," Juniper Threat Labs...
Imperva uncovers new Indicators of Compromise for FBI and CISA-flagged AndroxGh0st botnet
On January 16, a joint alert from FBI and CISA warned about a concerning development: the emergence of a botnet driven by AndroxGh0st malware targeting vulnerable applications and web servers. AndroxGh0st is a Python-based malware, first seen in late 2022, designed to target Laravel .env files an...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2018-15133 Laravel Deserialization of Untrusted Data Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose...
VulnCheck KEV: CVE-2018-15133
Laravel Framework contains a deserialization of untrusted data vulnerability, allowing for remote command execution. This vulnerability may only be exploited if a malicious user has accessed the application encryption key APPKEY environment variable...
Laravel Framework Remote Code Execution (CVE-2018-15133)
A command injection vulnerability exists in Laravel Framework. This is due to insufficient handling of X-XSRF-TOKEN header in phpgcc library. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Exploit for Deserialization of Untrusted Data in Laravel
CVE-2018-15133...
Exploit for Deserialization of Untrusted Data in Laravel
| |...
Exploit for Deserialization of Untrusted Data in Laravel
Laravel exploit for CVE-2018-15133 This code exploit CVE-201...
PHP Laravel Framework 5.5.40 / 5.6.x < 5.6.30 - token Unserialize Remote Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PHP Laravel Framework token Unserialize Remote Command Execution', 'Description' = %q This module exploits a vulnerability in the PHP Laravel...
CVE-2018-15133
creationtimestamp| type| source ---|---|--- 2019-07-12 14:46:12+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/http/laraveltokenunserializeexec.rb 2019-07-16 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/47129 2019-10-07...
Exploit for Deserialization of Untrusted Data in Laravel
Laravel Remote Code Execution when APPKEY is leaked PoC CVE-...
CVE-2018-15133
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in...
CVE-2018-15133
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in...
CVE-2018-15133
CVE-2018-15133 affects Laravel Framework up to 5.5.40 and 5.6.x up to 5.6.29. It enables remote code execution via a deserialization of untrusted data caused by an unserialize of a potentially untrusted X-XSRF-TOKEN value. The issue involves the decrypt method in Illuminate/Encryption/Encrypter.p...
CVE-2018-15133
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in...
Laravel Framework Unserialize Token RCE (CVE-2018-15133)
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in...