CVE-2021-3129 : Ignition before 2.5.2, as used in Laravel and other products, allows unauthentic

Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.

Published 2021-01-12 15:15:16

Updated 2025-02-04 21:15:22

Source MITRE

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2021-3129

Facade » Ignition » For Laravel
Versions before (<) 2.5.2
cpe:2.3:a:facade:ignition:*:*:*:*:*:laravel:*:*
Matching versions
When used together with: Laravel » Laravel

CVE-2021-3129 is in the CISA Known Exploited Vulnerabilities Catalog

This issue is known to have been leveraged as part of a ransomware campaign.

CISA vulnerability name:

Laravel Ignition File Upload Vulnerability

CISA required action:

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CISA description:

Laravel Ignition contains a file upload vulnerability that allows unauthenticated remote attackers to execute malicious code due to insecure usage of file_get_contents() and file_put_contents().

Notes:

https://github.com/facade/ignition/releases/tag/2.5.2; https://nvd.nist.gov/vuln/detail/CVE-2021-3129

Added on 2023-09-18 Action due date 2023-10-09

Exploit prediction scoring system (EPSS) score for CVE-2021-3129

EPSS FAQ

94.29%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 100 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2021-3129

Unauthenticated remote code execution in Ignition

Disclosure Date: 2021-01-13

First seen: 2022-12-23

exploit/multi/php/ignition_laravel_debug_rce

Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Larave

More information

CVSS scores for CVE-2021-3129

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	134c704f-9b21-4f2e-91b3-4a467353bcc0	2025-02-04
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2021-3129

http://packetstormsecurity.com/files/165999/Ignition-Remote-Code-Execution.html

Ignition Remote Code Execution ≈ Packet Storm
Exploit;Third Party Advisory;VDB Entry
https://github.com/facade/ignition/pull/334

Fix MakeViewVariableOptionalSolution to disallow stream wrappers and files that do not end in .blade.php by cfreal · Pull Request #334 · facade/ignition · GitHub
Patch;Third Party Advisory
https://www.ambionics.io/blog/laravel-debug-rce

Laravel <= v8.4.2 debug mode: Remote code execution
Exploit;Third Party Advisory
http://packetstormsecurity.com/files/162094/Ignition-2.5.1-Remote-Code-Execution.html

Ignition 2.5.1 Remote Code Execution ≈ Packet Storm
Exploit;Third Party Advisory;VDB Entry

Jump to