CVE-2021-3129
Description
Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.
- CVSS Version 3.1
CVE ID: CVE-2021-3129
Base Score: 9.8
Base Severity: CRITICAL
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 3.9
- CVSS Version 2.0
CVE ID: CVE-2021-3129
Base Score: 7.5
Base Severity: HIGH
Vector String: AV:N/AC:L/Au:N/C:P/I:P/A:P
Proof Of Concept
Nuclei Templates for CVE-2021-3129
Reference: Project Discovery GitHub
ambionics
Exploit for CVE-2021-3129
Reference: GitHub
SNCKER
Laravel debug rce
Reference: GitHub
SecPros-Team
Reference: GitHub
crisprss
Reference: GitHub
nth347
Exploit for CVE-2021-3129
Reference: GitHub
FunPhishing
Reference: GitHub
zhzyker
Laravel <= v8.4.2 debug mode: Remote code execution (CVE-2021-3129)
Reference: GitHub
Y0s9
CVE-2021-3129-Laravel Debug mode remote code execution vulnerability
Reference: GitHub
idea-oss
Reference: GitHub
knqyf263
PoC for CVE-2021-3129 (Laravel)
Reference: GitHub
cuongtop4598
Add revert shell
Reference: GitHub
joshuavanderpoll
Laravel RCE Exploit Script - CVE-2021-3129
Reference: GitHub
shadowabi
CVE-2021-3129 POC
Reference: GitHub
JacobEbben
Unauthenticated RCE in Laravel Debug Mode <8.4.2
Reference: GitHub
hupe1980
Laravel debug mode - Remote Code Execution (RCE)
Reference: GitHub
0nion1
CVE-2021-3129-Laravel Debug mode
Reference: GitHub
MadExploits
CVE-2021-3129 Exploit Checker By ./MrMad
Reference: GitHub
ajisai-babu
Laravel Debug mode RCE vulnerability (CVE-2021-3129) poc / exp
Reference: GitHub
keyuan15
Laravel RCE CVE-2021-3129
Reference: GitHub
qaisarafridi
Reference: GitHub
Zoo1sondv
Reference: GitHub
miko550
Laravel RCE (CVE-2021-3129)
Reference: GitHub
wmasday
CVE-2021-3129 | Laravel Debug Mode Vulnerability
Reference: GitHub
banyaksepuh
Reference: GitHub
Axianke
CVE-2021-3129
Reference: GitHub
cc3305
An exploit script for CVE-2021-3129
Reference: GitHub
piperpwn
Laravel Debug Mode and Payload
Reference: GitHub
0x0d3ad
CVE-2021-3129 Laravel Ignition RCE Exploit
Reference: GitHub
Content on GitHub
zhzyker | watchers:3383
vulmap
Vulmap is a web vulnerability scanning and verification tool that can scan webapps for vulnerabilities and also provides vulnerability verification
Reference: GitHub
aurelien-vilminot | watchers:0
ENSIMAG_EXPLOIT_CVE2_3A
Ensimag 3A - Exploit on CVE 2021-3129
Reference: GitHub
qaisarafridi | watchers:0
cve-2021-31290
Reference: GitHub
Reference: NVD