
Vulnerability in Laravel
which, if successfully exploited, allows an unauthenticated remote attacker to execute code of their choice on the vulnerable server. It should be noted that this vulnerability has been widely abused on the Internet, and the corresponding payload is sold at a price of 5 thousand dollars. The vulnerability is related to one of Laravel's helper functions called ChanceGenerator, and successful exploitation of this weakness leads to an increase in the level of access. It then enables the attacker to run the desired code on the server, which will lead to further malicious consequences.
Vulnerable versions
Solution
Because this vulnerability exists only in version 5.1 of the Laravel framework, security experts can quickly change the version in use and update it. Laravel version 9 was released on March 18, 1400, and it is the latest version available. Many security features are included in this version, and how to update to different versions is explained on the official Laravel website.
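As an added example (not part of the original advisory or of the Laravel project), the following Python script checks a Composer lock file for the 5.1 series named above. It assumes the framework is installed as the `laravel/framework` Composer package and that the lock file uses Composer's `packages` / `packages-dev` layout; the sample lock content is constructed.

```python
import json
import re

AFFECTED_SERIES = (5, 1)       # the only series the advisory names as vulnerable
PACKAGE = "laravel/framework"  # assumption: Composer package name of the framework

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.|$)")


def series_of(version):
    """Return (major, minor) from a lock-file version string, or None."""
    m = _VERSION_RE.match(version.strip())
    return (int(m.group(1)), int(m.group(2))) if m else None


def audit_lock(lock_text):
    """Return (package, version, status) tuples for Laravel entries in a composer.lock."""
    try:
        lock = json.loads(lock_text)
    except json.JSONDecodeError:
        return [(PACKAGE, None, "unreadable")]
    if not isinstance(lock, dict):
        return [(PACKAGE, None, "unreadable")]
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if not isinstance(pkg, dict) or str(pkg.get("name", "")).lower() != PACKAGE:
                continue
            version = str(pkg.get("version", ""))
            series = series_of(version)
            if series is None:
                status = "unknown"  # e.g. dev-master: review by hand
            elif series == AFFECTED_SERIES:
                status = "affected"
            else:
                status = "not-affected"
            findings.append((PACKAGE, version, status))
    return findings


# Constructed sample input, not taken from a real project.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "monolog/monolog", "version": "1.27.1"},
        {"name": "laravel/framework", "version": "v5.1.46"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    for name, version, status in audit_lock(SAMPLE_LOCK):
        print(f"{name} {version}: {status}")
```

A status of `unknown` means the pinned version is a branch alias rather than a numbered release and has to be resolved manually.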
Source
https://cve.report/CVE-2022-34943