CVE-2018-15133CISA KEV: Actively Exploited

Laravel Deserialization of Untrusted Data Vulnerability

Published Jan 16, 2024·Updated Jan 16, 2024

Description

Laravel Framework contains a deserialization of untrusted data vulnerability, allowing for remote command execution. This vulnerability may only be exploited if a malicious user has accessed the application encryption key (APP_KEY environment variable).

Public Exploits & PoCs9 found

PoC: laravel-poc-CVE-2018-15133

PoC for CVE-2018-15133 (Laravel unserialize vulnerability)

241

PoC: exploit_laravel_cve-2018-15133

Exploit for Laravel Remote Code Execution with API_KEY (CVE-2018-15133)

33

PoC: Larascript

Laravel RCE exploit. CVE-2018-15133

26

PoC: Laravel-PHP-Unit-RCE-Auto-shell-uploader

Laravel-PHP-Unit-RCE (CVE-2018-15133) Auto Exploiter and Shell Uploader

3

PoC: laravel-rce-cve-2018-15133

CVE-2018-15133 (Webased)

1

PoC: Laravel-CVE-2018-15133

Cette exploit en python va vous permettre de créer des listes de sites et les exploiter rapidement.

1

PoC: CVE-2018-15133-laravel-framework

Reproducible Docker lab for CVE-2018-15133 (Laravel Framework token unserialize RCE)

PoC: CVE-2018-15133-Lavel-Expliot

Lavel Expliot CVE-2018-15133 / An Expliot I wrote a long time ago for a CTF box.

PoC: better-poc-for-CVE-2018-15133

An automated PoC for CVE 2018-15133

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free