- Description
- Laravel is a web application framework. When the register_argc_argv PHP directive is set to on and users call any URL with a specially crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability is fixed in 6.20.45, 7.30.7, 8.83.28, 9.52.17, 10.48.23, and 11.31.0. The framework now ignores argv values for environment detection on non-CLI SAPIs.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
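
An added example (not part of the advisory or of Laravel's code) that checks the two conditions named in the description: a `laravel/framework` version below the fixed release for its branch, and `register_argc_argv` enabled in the php.ini used by the web SAPI. The sample lock file and ini text are constructed, and treating majors after 11 as patched is an assumption.

```python
import json
import re

# Fixed release per major branch, copied from the description above.
FIXED = {6: (6, 20, 45), 7: (7, 30, 7), 8: (8, 83, 28),
         9: (9, 52, 17), 10: (10, 48, 23), 11: (11, 31, 0)}

def parse_version(text):
    """Turn 'v10.48.22' into (10, 48, 22); None if not a plain x.y.z release."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def framework_version(composer_lock_text):
    """Locate laravel/framework in the text of a composer.lock file."""
    for pkg in json.loads(composer_lock_text).get("packages", []):
        if pkg.get("name") == "laravel/framework":
            return parse_version(pkg.get("version", ""))
    return None

def is_patched(version):
    """True if version is at or above the fixed release of its major branch."""
    if version is None:
        return False  # missing or dev version: treat as unpatched
    fixed = FIXED.get(version[0])
    if fixed is None:
        # Assumption: majors after 11 carry the fix; majors before 6 have none listed.
        return version[0] > max(FIXED)
    return version >= fixed

def argv_registered(php_ini_text):
    """Effective register_argc_argv in php.ini text (last assignment wins)."""
    value = "on"  # PHP's built-in default when the directive is absent
    for line in php_ini_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop ini comments
        m = re.fullmatch(r"register_argc_argv\s*=\s*(\S*)", line, re.I)
        if m:
            value = m.group(1).strip("\"'").lower()
    return value in ("1", "on", "yes", "true")

def exposed(composer_lock_text, php_ini_text):
    """Both conditions from the description: unpatched and argv registered."""
    return (not is_patched(framework_version(composer_lock_text))
            and argv_registered(php_ini_text))

# Constructed sample inputs, not taken from any real deployment.
SAMPLE_LOCK = '{"packages": [{"name": "laravel/framework", "version": "v10.48.22"}]}'
SAMPLE_INI = "; constructed sample\nregister_argc_argv = On\n"

if __name__ == "__main__":
    print("exposed:", exposed(SAMPLE_LOCK, SAMPLE_INI))
```

Feed it the php.ini that the web SAPI (php-fpm or the Apache module) loads, not the CLI one; values overridden in pool or per-directory configuration are outside what this check reads.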
CVSS 4.0
- Type
- Secondary
- Base score
- 8.7
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
- security-advisories@github.com
- CWE-88
- Hype score
- Not currently trending
🚨 A critical vulnerability (CVE-2024-52301) in Laravel could let attackers manipulate environment settings, risking sensitive data. If you're using affected versions, update immediately! Stay secure and vigilant! 🔒 #Laravel #CyberSecurity #DevOps @Sanc… https://t.co/PScvdt4LLD
@prod42net
8 Dec 2024
28 Impressions
1 Retweet
3 Likes
0 Bookmarks
0 Replies
0 Quotes
Laravel vulnerability CVE-2024-52301 fixed: potential for exploitation in a variety of attacks against web apps https://t.co/HqvIT92Mrg #API #Laravel #OpenSource #PHP #SAPI #Vulnerability
@iototsecnews
25 Nov 2024
132 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical #Laravel Vulnerability (CVE-2024-52301) Improper Input Validation lets attackers alter server environments using crafted query strings Severity: 8.7 (High) Affected Systems: ~830K Dork: http.headers.set_cookie:"laravel_session=" Patch: https://t.co/qFifyq5Ftz…
@Clon3R17320
21 Nov 2024
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical vulnerability in Laravel 🚨 CVE-2024-52301 (CVSS 8.7) allows privilege escalation and unauthorized access. Affects versions <11.31.0. 🔒 Update now to protect your applications. 👉 https://t.co/QT30ZL7YGr #SeguridadWeb #Laravel #Vulnerabilidades
@digitalDotSL
19 Nov 2024
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A new vulnerability with the identifier CVE-2024-52301 has been published for the Laravel framework, which is a framework for the PHP programming language. This vulnerability leads to privilege escalation, full access to the vulnerable system, and data tampering. https://t.co/Poz3aKYxT1 https://t.co/4Q88xbt5SR
@AmirHossein_sec
17 Nov 2024
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I wrote this up: I looked into whether the Laravel vulnerability CVE-2024-52301 affects the product I am developing on my own https://t.co/MtfuhjRn7w #Qiita
@Bakio202076
17 Nov 2024
102 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
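A note on CVE-2024-52301, where having register_argc_argv set to on with Laravel lets environment variables be changed through the query string. Conclusion: register_argc_argv is rarely turned on for php-fpm, so I personally think few people will actually run into this vulnerability. Continued https://t.co/Uv6P7i0lDt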
@Bakio202076
16 Nov 2024
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 Critical Laravel vulnerability (CVE-2024-52301) exposes millions of web applications to attacks https://t.co/iSUIR3Y7gk https://t.co/6pHD0EYb7H
@elhackernet
15 Nov 2024
10203 Impressions
46 Retweets
119 Likes
42 Bookmarks
1 Reply
1 Quote
⚠️ Critical Laravel Vulnerability CVE-2024-52301 Allows Unauthorized Access - Framework: Laravel, a popular PHP framework for web applications. - Impact: - Privilege escalation - Data tampering - Full system compromise - Cause: Improper validation of user inputs.
@Ransom_DB
15 Nov 2024
107 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-52301: Improper Input Validation in Laravel, 8.7 rating❗️ Vuln allows an attacker to change environment using a specially crafted query. More than 830k instances at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/NEzHWyU1x3 #cybersecurity #vulnerability_map #laravel http
@Netlas_io
15 Nov 2024
1160 Impressions
5 Retweets
17 Likes
8 Bookmarks
0 Replies
0 Quotes
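High-severity vulnerability in Laravel. CVE-2024-52301 has a CVSS score of 8.7; through an input validation flaw stemming from the handling of PHP's register_argc_argv directive, it makes it possible to process command-line arguments within scripts. https://t.co/MTQIv4Gsrx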
@__kokumoto
15 Nov 2024
2861 Impressions
15 Retweets
34 Likes
11 Bookmarks
0 Replies
1 Quote
Critical Laravel Flaw (CVE-2024-52301) Exposes Millions of Web Applications to Attack https://t.co/FEAnaQSgyX
@Dinosn
15 Nov 2024
2094 Impressions
5 Retweets
17 Likes
9 Bookmarks
0 Replies
0 Quotes
CVE-2024-52301 Laravel is a web application framework. When the register_argc_argv php directive is set to on, and users call any URL with a specially crafted query string, they are … https://t.co/vHHC56mEp9
@CVEnew
13 Nov 2024
295 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Yesterday, @laravelphp released security updates (regarding CVE-2024-52301) for Laravel 6.x up to Laravel 11.x. While there is no need to panic, you should update your Laravel application as soon as possible. When the register_argc_argv php directive is set to on, and users… h
@bernhardkraemer
13 Nov 2024
207 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes