CVE-2021-3129

Unauthenticated RCE in Laravel Ignition via File Upload

Summary of the CVE

In affected versions of Laravel Ignition a attack can execute arbitrary code because of the insecure usage of file_get_contents() and file_put_contents(). This is only exploitable for websites that use debug mode.

Affected Versions

Laravel Ignition < 2.5.2 and Laravel < 8.4.2

Anomalies

This exploit needs a php gadget and is therefore using phpggc. You can do this the following ways:
- If you haven't already cloned: git clone https://github.com/cc3305/CVE-2021-3129.git --recursive --shallow-submodules
- Or if you have already cloned in, run this in the local git repo git submodule update --init --depth 1

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
phpggc @ 6ab7c14		phpggc @ 6ab7c14
.gitmodules		.gitmodules
CVE-2021-3129.py		CVE-2021-3129.py
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

phpggc @ 6ab7c14

phpggc @ 6ab7c14

.gitmodules

.gitmodules

CVE-2021-3129.py

CVE-2021-3129.py

README.md

README.md

Repository files navigation

CVE-2021-3129

Summary of the CVE

Affected Versions

Anomalies

References

About

Releases

Packages

Languages

cc3305/CVE-2021-3129

Folders and files

Latest commit

History

Repository files navigation

CVE-2021-3129

Summary of the CVE

Affected Versions

Anomalies

References

About

Resources

Stars

Watchers

Forks

Languages