Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 04 Feb 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2023-09-18'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-07-30T01:45:29.329Z

Reserved: 2021-01-12T00:00:00.000Z

Link: CVE-2021-3129

cve-icon Vulnrichment

Updated: 2024-08-03T16:45:51.293Z

cve-icon NVD

Status : Modified

Published: 2021-01-12T15:15:16.453

Modified: 2025-02-04T21:15:21.940

Link: CVE-2021-3129

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.