Vulnerability Database
289,697
Total vulnerabilities in the database
CVE-2021-3129
Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.
| Software | From | Fixed in |
|---|---|---|
facade / ignition
|
2.5.0 | 2.5.2 |
|
facade / ignition
|
2.0.0 | 2.4.2 |
|
facade / ignition
|
1.7.0 | 1.16.14 |
|
facade / ignition
|
- | 1.6.15 |
|
facade / ignition
|
- | 2.5.2 |
- http://packetstormsecurity.com/files/162094/Ignition-2.5.1-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/165999/Ignition-Remote-Code-Execution.html
- https://github.com/facade/ignition/commit/11ffca14abd22db779d90b12e193f8000f6d184b
- https://github.com/facade/ignition/pull/334
- https://github.com/FriendsOfPHP/security-advisories/blob/master/facade/ignition/CVE-2021-3129.yaml
- https://www.ambionics.io/blog/laravel-debug-rce