Vulnerability CVE-2018-15133


Published: 2018-08-09

Description:
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack.

See advisories in our WLB2 database:
Topic
Author
Date
High
PHP Laravel Framework Token Unserialize Remote Command Execution
aushack
16.07.2019

Type:

CWE-502

(Deserialization of Untrusted Data)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Laravel -> Laravel 

 References:
http://packetstormsecurity.com/files/153641/PHP-Laravel-Framework-Token-Unserialize-Remote-Command-Execution.html
https://laravel.com/docs/5.6/upgrade#upgrade-5.6.30

Copyright 2024, cxsecurity.com

 

Back to Top