Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
facade ignition vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2021-3129
Ignition prior to 2.5.2, as used in Laravel and other products, allows unauthenticated remote malicious users to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel prior to 8....
Facade Ignition
44 Github repositories
1 Article
7.5
CVSSv2
CVE-2020-13909
The Ignition component prior to 2.0.5 for Laravel mishandles globals, _get, _post, _cookie, and _env. NOTE: in the 1.x series, versions 1.16.15 and later are unaffected as a consequence of the CVE-2021-43996 fix.
Facade Ignition
7.5
CVSSv2
CVE-2021-43996
The Ignition component prior to 1.16.15, and 2.0.x prior to 2.0.6, for Laravel has a "fix variable names" feature that can lead to incorrect access control.
Facade Ignition
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-40673
CVE-2024-36674
CVE-2024-27348
unspecified
CVE-2024-24919
CVE-2024-4870
malicious code
CVE-2024-2019
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started