Vulnerability in Laravel v5.1


laravel CVE-2022-34943

Vulnerability in Laravel

The existence of a critical vulnerability with the ID CVE-2022-34943 and the risk severity CVSSv3 9.8 in the Laravel framework

 which, in case of successful abuse, an unauthenticated remote attacker can execute his desired code on the vulnerable server. It should be noted that this vulnerability has been widely abused on the Internet, and the corresponding payload is sold at a price of 5 thousand dollars to is sold The mentioned vulnerability is related to one of Laravel’s helper functions called ChanceGenerator, and the successful use of this weakness leads to an increase in the level of access. Then, it enables the attacker to run the desired code on the server, which will lead to future malicious consequences.

Vulnerable versions

Laravel version 5.1 is affected by this vulnerability.

Solution

Due to the existence of this vulnerability only in version 5.1 of the Laravel framework, security experts can quickly change the version used and update it. Laravel version 9 was released on March 18, 1400, and it is the latest version available, many security features are included in this version, and how to update to different versions is explained on the official Laravel website.

Source

https://cve.report/CVE-2022-34943

 

 

NewsUncategorized

CVE-2022-34943Laravelآسیب پذیری

Leave a Reply

Your email address will not be published. Required fields are marked *