Lucene search
GoogleOSV:CVE-2017-16894HistoryNov 20, 2017 - 1:29 a.m.
CVE-2017-16894
2017-11-2001:29:00
Google
osv.dev
8
In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. NOTE: this CVE is only about Laravel framework’s writeNewEnvironmentFileWith function in src/Illuminate/Foundation/Console/KeyGenerateCommand.php, which uses file_put_contents without restricting the .env permissions. The .env filename is not used exclusively by Laravel framework.
Related
cvelist
cvelist
CVE-2017-16894
2017-11-20 01:00:00
cve
cve
CVE-2017-16894
2017-11-20 01:29:00
debiancve
debiancve
CVE-2017-16894
2017-11-20 01:29:00
nuclei
nuclei
Laravel <5.5.21 - Information Disclosure
2023-04-13 05:38:32
nvd
nvd
CVE-2017-16894
2017-11-20 01:29:00
prion
prion
Code injection
2017-11-20 01:29:00
veracode
veracode
Information Disclosure
2017-11-20 09:08:58
attackerkb
attackerkb
Laravel Framework Unserialize Token RCE (CVE-2018-15133)
2018-08-09 00:00:00
zdt
zdt
PHP Laravel Framework Token Unserialize Remote Command Execution Exploit
2019-07-15 00:00:00
packetstorm
packetstorm
PHP Laravel Framework Token Unserialize Remote Command Execution
2019-07-15 00:00:00
metasploit
metasploit
PHP Laravel Framework token Unserialize Remote Command Execution
2019-07-07 14:50:13
exploitdb
exploitdb