Vulnerability Details : CVE-2018-15133
Public exploit exists!
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack.
Vulnerability category: Cross-site request forgery (CSRF); Execute code
Products affected by CVE-2018-15133
- cpe:2.3:a:laravel:laravel:*:*:*:*:*:*:*:*
CVE-2018-15133 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name: Laravel Deserialization of Untrusted Data Vulnerability
CISA required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
CISA description: Laravel Framework contains a deserialization of untrusted data vulnerability, allowing for remote command execution. This vulnerability may only be exploited if a malicious user has accessed the application encryption key (APP_KEY environment variable).
Notes: https://laravel.com/docs/5.6/upgrade#upgrade-5.6.30; https://nvd.nist.gov/vuln/detail/CVE-2018-15133
Added on: 2024-01-16
Action due date: 2024-02-06
Exploit prediction scoring system (EPSS) score for CVE-2018-15133
EPSS score: 88.38% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~99% (the proportion of vulnerabilities that are scored at or below this value)
Metasploit modules for CVE-2018-15133
- PHP Laravel Framework token Unserialize Remote Command Execution
  Disclosure Date: 2018-08-07
  First seen: 2020-04-26
  Module: exploit/unix/http/laravel_token_unserialize_exec
  This module exploits a vulnerability in the PHP Laravel Framework for versions 5.5.40, 5.6.x <= 5.6.29. Remote Command Execution is possible via a correctly formatted HTTP X-XSRF-TOKEN header, due to an insecure unserialize call of the decrypt method in Illuminate/Encryption
CVSS scores for CVE-2018-15133
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
| 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
| 8.1 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.2 | 5.9 | NIST | |
| 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.2 | 5.9 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-02-03 |
| 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.2 | 5.9 | NIST | 2024-06-10 |
CWE ids for CVE-2018-15133
- The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
  Assigned by:
  - 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
  - nvd@nist.gov (Primary)
References for CVE-2018-15133
- http://packetstormsecurity.com/files/153641/PHP-Laravel-Framework-Token-Unserialize-Remote-Command-Execution.html
  PHP Laravel Framework Token Unserialize Remote Command Execution ≈ Packet Storm (Exploit; Third Party Advisory; VDB Entry)
- https://laravel.com/docs/5.6/upgrade#upgrade-5.6.30
  Upgrade Guide - Laravel - The PHP Framework For Web Artisans (Vendor Advisory)