Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2024-52301

Date: November 12, 2024

Laravel is a web application framework. When the register_argc_argv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability fixed in 6.20.45, 7.30.7, 8.83.28, 9.52.17, 10.48.23, and 11.31.0. The framework now ignores argv values for environment detection on non-cli SAPIs.

Language: PHP

Severity Score

Related Resources (8)

https://nvd.nist.gov/vuln/detail/CVE-2024-52301
https://lists.debian.org/debian-lts-announce/2024/12/msg00019.html
https://security-tracker.debian.org/tracker/CVE-2024-52301
https://github.com/laravel/framework/security/advisories/GHSA-gv7v-rgg6-548h
https://github.com/laravel/framework
https://github.com/FriendsOfPHP/security-advisories/blob/master/laravel/framework/CVE-2024-52301.yaml
https://github.com/advisories/GHSA-gv7v-rgg6-548h
https://www.mend.io/vulnerability-database/CVE-2024-52301

Weakness Type (CWE)

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CWE-88

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): NONE

Do you need more information?

Contact Us