Exploit for #VU26581 Deserialization of Untrusted Data in Laravel Framework

Published: 2020-04-05 | Updated: 2023-05-16

Vulnerability identifier: #VU26581

Vulnerability risk: Medium

CVSSv4.0: 9.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Green]

CVE-ID: CVE-2018-15133

CWE-ID: CWE-502

Exploitation vector: Network

Exploits in database: 9

May 16, 2023
- Lab-for-cve-2018-15133 (Ejecución de exploit de deserialización con CVE-2017-5941) [Github]
April 5, 2023
- CVE-2018-15133-Lavel-Expliot ("Lavel Exploit CVE-2018-15133 is a powerful exploit that allows attackers to gain unauthorized access to vulnerable systems. This exploit was originally developed as part of a Capture The Flag (CTF) challenge and has since be [Github]
June 17, 2021
- PHP Laravel Framework 5.5.40 / 5.6.x < 5.6.30 - token Unserialize Remote Command Execution (Metasploit) [Exploit-DB]
December 23, 2020
- Larascript (Laravel RCE exploit. CVE-2018-15133) [Github]
November 17, 2020
- exploit_laravel_cve-2018-15133 (Exploit for Laravel Remote Code Execution with API_KEY (CVE-2018-15133)) [Github]
July 22, 2020
- Laravel-CVE-2018-15133 (Cette exploit en python va vous permettre de créer des listes de sites et les exploiter rapidement.) [Github]
April 7, 2020
- Laravel-CVE-2018-15133 (Cette exploit en python va vous permettre de créer des listes de sites et les exploiter rapidement.) [Github]
- PHP Laravel Framework token Unserialize Remote Command Execution [Metasploit]
April 5, 2020
- Laravel-PHP-Unit-RCE-Auto-shell-uploader (Laravel-PHP-Unit-RCE (CVE-2018-15133) Auto Exploiter and Shell Uploader) [Github]

Vulnerable software:
Laravel Framework
Client/Desktop applications / Software for system administration

Vendor: Laravel LLC