Laravel Framework < 5.5.41 / 5.6.x < 5.6.30 RCE

high Nessus Plugin ID 193333

Synopsis

A PHP library installed on the remote host is affected by a remote code execution vulnerability.

Description

The version of Laravel Framework installed on the remote host is prior to 5.5.41 or 5.6.x prior to 5.6.30. It is, therefore, affected by a remote code execution vulnerability due to an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Also note that this plugin does not distinguish between PHP packages installed via the OS package manager, PHP packages installed via Composer, or other sources. As a result, packages provided by your OS package repository may have backported fixes that this plugin may incorrectly report as vulnerable. Please refer to the OS-specific plugins for CVE-2018-15133 to check for backported fixes.
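The same version-only check can be run against a project's composer.lock. The following is an added example, not the plugin's own code: the function names and the sample lock content are constructed for illustration, and the ranges come from the plugin title. Like the plugin, it reads only the reported version and cannot see backported fixes.

```python
import json
import re

# Ranges taken from the plugin title: < 5.5.41, or 5.6.x < 5.6.30.
FIXED_55 = (5, 5, 41)
FIXED_56 = (5, 6, 30)

def parse_version(raw):
    """Return (major, minor, patch), or None for non-numeric versions such as dev-master."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)(?:\.(\d+))?(?:[-+].*)?", raw.strip())
    if not m:
        return None
    return tuple(int(p or 0) for p in m.groups())

def is_affected(raw):
    """True/False per the plugin's ranges; None when the version cannot be compared."""
    v = parse_version(raw)
    if v is None:
        return None
    if v[:2] == (5, 6):
        return v < FIXED_56
    return v < FIXED_55

def check_lock(lock_text):
    """Find laravel/framework in composer.lock content and classify its version."""
    lock = json.loads(lock_text)
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if pkg.get("name") == "laravel/framework":
                version = pkg.get("version", "")
                return version, is_affected(version)
    return None, None

# Constructed sample composer.lock content, not taken from a real project.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "monolog/monolog", "version": "1.23.0"},
        {"name": "laravel/framework", "version": "v5.6.29"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    version, affected = check_lock(SAMPLE_LOCK)
    print(f"laravel/framework {version}: affected={affected}")
```

A result of None for the affected flag means the lock file pins a branch or other non-numeric version, which has to be reviewed by hand.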

Solution

Upgrade to Laravel Framework version 5.5.41, 5.6.30 or later.

See Also

https://laravel.com/

Plugin Details

Severity: High

ID: 193333

File Name: laravel_CVE-2018-15133.nasl

Version: 1.2

Type: local

Agent: windows, macosx, unix

Family: Misc.

Published: 4/15/2024

Updated: 4/16/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.0

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2018-15133

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:laravel:laravel

Required KB Items: language_library/package/composer/enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/8/2018

Vulnerability Publication Date: 8/8/2018

CISA Known Exploited Vulnerability Due Dates: 2/6/2024

Reference Information

CVE: CVE-2018-15133