Vulnerability

CVE-2018-15133

Reference to the description:

https://nvd.nist.gov/vuln/detail/CVE-2018-15133

Description:
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack.
Last updated date:
01/17/2024

Reports

ACTIVELY EXPLOITED

Type:
exploitation
Confidence:
HIGH
Date of publishing:
01/16/2024
Reference url to background

https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Type:
exploit
Confidence:
HIGH
Date of publishing:
08/14/2018
Type:
exploit
Confidence:
HIGH
Date of publishing:
07/12/2019
Type:
exploit
Confidence:
HIGH
Date of publishing:
04/05/2020
Type:
exploit
Confidence:
HIGH
Date of publishing:
11/13/2020
Type:
exploit
Confidence:
HIGH
Date of publishing:
12/21/2020
Reference url to background

https://github.com/PwnedShell/Larascript

Type:
exploit
Confidence:
HIGH
Date of publishing:
12/21/2020
Reference url to background

https://github.com/pwnedshell/Larascript

Type:
exploit
Confidence:
HIGH
Date of publishing:
01/03/2021