CVE-2024-52301

HIGH Year: 2024
Weakness Type
CWE-88
View all →

Vulnerability Description

Laravel is a web application framework. When the register_argc_argv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability fixed in 6.20.45, 7.30.7, 8.83.28, 9.52.17, 10.48.23, and 11.31.0. The framework now ignores argv values for environment detection on non-cli SAPIs.

Related Vulnerabilities

CVE-2018-3856

CRITICAL
CVSS:9.9(Critical)

An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The device incorrectly handles spaces in the URL fiel...

CWE-882018

CVE-2024-39930

CRITICAL
CVSS:9.9(Critical)

The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection...

CWE-882024

CVE-2024-47553

CRITICAL
CVSS:9.9(Critical)

A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate user input to the ```ssmctl-client``` command. This c...

CWE-882024

CVE-2016-10033

CRITICAL
CVSS:9.8(Critical)

The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (bac...

CWE-882016

CVE-2017-1001003

CRITICAL
CVSS:9.8(Critical)

math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using unicode characters when creating an object.

CWE-882017

CVE-2018-10992

CRITICAL
CVSS:9.8(Critical)

lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injec...

CWE-882018