Overview
- Description
- Laravel is a web application framework. When the register_argc_argv PHP directive is set to on, and users call any URL with a specially crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability is fixed in 6.20.45, 7.30.7, 8.83.28, 9.52.17, 10.48.23, and 11.31.0. The framework now ignores argv values for environment detection on non-cli SAPIs.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
Risk scores
CVSS 4.0
- Type
- Secondary
- Base score
- 8.7
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Secondary
- Base score
- 0
- Impact score
- 0
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
- Severity
- NONE
Weaknesses
- security-advisories@github.com
- CWE-88
Social media
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
1
A new vulnerability with the identifier CVE-2024-52301 has been published for the Laravel framework, which is a framework for the PHP programming language. This vulnerability leads to privilege escalation, full access to the vulnerable system, and data tampering. https://t.co/Poz3aKYxT1 https://t.co/4Q88xbt5SR
@AmirHossein_sec
17 Nov 2024
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I wrote it up: I looked into whether the Laravel vulnerability CVE-2024-52301 affects a product I am developing personally https://t.co/MtfuhjRn7w #Qiita
@Bakio202076
17 Nov 2024
49 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
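A memo on CVE-2024-52301, where having register_argc_argv turned on with Laravel lets environment variables get changed through the query string. Conclusion: register_argc_argv is not often turned on in php-fpm, so personally I think few people will run into this vulnerability. (continued) https://t.co/Uv6P7i0lDt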
@Bakio202076
16 Nov 2024
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 Critical Laravel vulnerability (CVE-2024-52301) exposes millions of web applications to attacks https://t.co/iSUIR3Y7gk https://t.co/6pHD0EYb7H
@elhackernet
15 Nov 2024
10203 Impressions
46 Retweets
119 Likes
42 Bookmarks
1 Reply
1 Quote
⚠️ Critical Laravel Vulnerability CVE-2024-52301 Allows Unauthorized Access - Framework: Laravel, a popular PHP framework for web applications. - Impact: - Privilege escalation - Data tampering - Full system compromise - Cause: Improper validation of user inputs.
@Ransom_DB
15 Nov 2024
107 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-52301: Improper Input Validation in Laravel, 8.7 rating❗️ Vuln allows an attacker to change environment using a specially crafted query. More than 830k instances at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/NEzHWyU1x3 #cybersecurity #vulnerability_map #laravel http
@Netlas_io
15 Nov 2024
1160 Impressions
5 Retweets
17 Likes
8 Bookmarks
0 Replies
0 Quotes
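High-severity vulnerability in Laravel. CVE-2024-52301 has a CVSS score of 8.7; an input validation flaw stemming from the handling of PHP's register_argc_argv directive makes it possible for command-line arguments to be processed within scripts. https://t.co/MTQIv4Gsrx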
@__kokumoto
15 Nov 2024
2861 Impressions
15 Retweets
34 Likes
11 Bookmarks
0 Replies
1 Quote
Critical Laravel Flaw (CVE-2024-52301) Exposes Millions of Web Applications to Attack https://t.co/FEAnaQSgyX
@Dinosn
15 Nov 2024
2094 Impressions
5 Retweets
17 Likes
9 Bookmarks
0 Replies
0 Quotes
CVE-2024-52301 Laravel is a web application framework. When the register_argc_argv php directive is set to on, and users call any URL with a specially crafted query string, they are … https://t.co/vHHC56mEp9
@CVEnew
13 Nov 2024
295 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Yesterday, @laravelphp released security updates (regarding CVE-2024-52301) for Laravel 6.x up to Laravel 11.x. While there is no need to panic, you should update your Laravel application as soon as possible. When the register_argc_argv php directive is set to on, and users… h
@bernhardkraemer
13 Nov 2024
207 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes