CVE-2018-15133 - Laravel Deserialization of Untrusted Data Vulnerability
Project:Laravel
Product:Laravel Framework
Date Added:2024-01-16Due Date:2024-02-06
Vulnerability Name
Laravel Deserialization of Untrusted Data Vulnerability
Description
Laravel Framework contains a deserialization of untrusted data vulnerability, allowing for remote command execution. This vulnerability may only be exploited if a malicious user has accessed the application encryption key (APP_KEY environment variable).
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://laravel.com/docs/5.6/upgrade#upgrade-5.6.30
https://nvd.nist.gov/vuln/detail/CVE-2018-15133
Related News Articles
AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud ServicesNovember 8, 2024