Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.
Metrics
Affected Vendors & Products
Advisories
| Source | ID | Title |
|---|---|---|
Github GHSA |
GHSA-4qwp-7c67-jmcc | Unauthenticated remote code execution in Ignition |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Wed, 22 Oct 2025 00:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Tue, 21 Oct 2025 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Tue, 21 Oct 2025 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Tue, 04 Feb 2025 21:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
kev
|
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-10-21T23:35:30.227Z
Reserved: 2021-01-12T00:00:00.000Z
Link: CVE-2021-3129
Updated: 2024-08-03T16:45:51.293Z
Status : Modified
Published: 2021-01-12T15:15:16.453
Modified: 2025-10-22T00:17:43.630
Link: CVE-2021-3129
No data.
OpenCVE Enrichment
No data.
Github GHSA