CVE-2019-9081 Information
Feb 14, 2021
cve
Description
The Illuminate component of Laravel Framework 5.7.x has a deserialization vulnerability that can lead to remote code execution if the content is controllable related to the __destruct method of the PendingCommand class in PendingCommand.php.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://github.com/Laworigin/Laworigin.github.io/blob/master/2019/02/21/laravelv5-7E58F8DE5BA8FE58897E58C96rce/index.html https://laworigin.github.io/2019/02/21/laravelv5-7E58F8DE5BA8FE58897E58C96rce/
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8
Share on: