CVE-2018-15133
Laravel Deserialization of Untrusted Data Vulnerability
CVSS
—
Sin CVSS
EPSS
76.8%
p99
KEV
SÍ
16 ene 2024
Exploit Today
80
0-100
Publicado: — · Última mod.: —
Producto
Laravel / Laravel Framework
Vulnerabilidad
Laravel Deserialization of Untrusted Data Vulnerability
Añadido a KEV
16 ene 2024
Remediar antes de
6 feb 2024
Uso conocido en ransomware
No
Descripción resumida
Laravel Framework contains a deserialization of untrusted data vulnerability, allowing for remote command execution. This vulnerability may only be exploited if a malicious user has accessed the application encryption key (APP_KEY environment variable).
Acción requerida
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notas
https://laravel.com/docs/5.6/upgrade#upgrade-5.6.30; https://nvd.nist.gov/vuln/detail/CVE-2018-15133
Sin CVEs relacionados por CWE o producto.