CVE-2021-3129
packagist/facade/ignition
Code Injection
Ignition, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents()
and file_put_contents()
. This is exploitable on sites using debug mode with Laravel
All versions before 2.5.2
Upgrade to version 2.5.2 or above.
2021-01-21
source |