CVE-2021-3129

Description from NVD

Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.

Information Acquisition Date: 2021-04-27T14:04Z
CVSS 2.0: 7.5 HIGH CVSS 3.x: 9.8 CRITICAL

CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

NVD References

 https://github.com/facade/ignition/pull/334
     source:MISC
     tags:Patch    Third Party Advisory    
 https://www.ambionics.io/blog/laravel-debug-rce
     source:MISC
     tags:Exploit    Third Party Advisory    
 http://packetstormsecurity.com/files/162094/Ignition-2.5.1-Remote-Code-Execution.html
     source:MISC
     tags:

This vulnerability may involve a PoC.

List of frequently cited URLs

URL    Num of Times Referred to
https://alerts.vulmon.com/?utm_source=twitter&utm_medium=so...    167
https://lists.astaro.com/ASGV9-IPS-rules.html    26
http://t.me/gobies    5
https://github.com/SNCKER/CVE-2021-3129    5
https://qiita.com/reopa_sharkun/items/f3819b2e8727728da82a    4
https://www.reddit.com/r/laravel/comments/lh6r5h/psa_larave...    4
http://vulmon.com/vulnerabilitydetails?qid=CVE-2021-3129    3
https://twitter.com/ptracesecurity/status/1352666315857780736    3
https://isc.sans.edu/diary/rss/27758    3
http://twinybots.ch    3
https://www.ambionics.io/blog/laravel-debug-rce    3

Information from Twitter

User URL Info Source Date
Prohacktiv3 https://github.com/ajisai-babu/CVE-2021-3129-exp Source Prohacktiv3      1632649424257032192 2023/03/06
Prohacktiv3 https://twitter.com/Prohacktiv3/status/1632649424257032192/... Source Prohacktiv3      1632649424257032192 2023/03/06

GitHub Search Results: Up to 10
Name    URL
No Data

2023/03/06 Score : 0
Added Har-sia Database : 2021/01/12
Last Modified : 2023/03/06
Highest Scored Date : 2021/04/07
Highest Score : 50