CVE-2021-3129
CRITICAL
9,8
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
HIGH
7,5
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: partial
Integrity: partial
Availability: partial
Description
AI Translation Available
Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,9429
Percentile
1,0th
Updated
EPSS Score Trend (Last 91 Days)
Exploit
Laravel 8.4.2 debug mode - Remote code execution
Laravel 8.4.2 debug mode - Remote code execution
View Exploit Code →
Application
Ignition by Facade
Version Range Affected
To
2.5.2
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:facade:ignition:*:*:*:*:*:laravel:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021…
http://packetstormsecurity.com/files/162094/Ignition-2.5.1-Remote-Code-Executio…
http://packetstormsecurity.com/files/165999/Ignition-Remote-Code-Execution.html
https://github.com/facade/ignition/pull/334
https://www.ambionics.io/blog/laravel-debug-rce
http://packetstormsecurity.com/files/162094/Ignition-2.5.1-Remote-Code-Executio…
http://packetstormsecurity.com/files/165999/Ignition-Remote-Code-Execution.html
https://github.com/facade/ignition/pull/334
https://www.ambionics.io/blog/laravel-debug-rce