CVE-2024-52301
HIGHCVSS v3
7.5
HIGH
EPSS Score
60.1%
exploit probability
CISA KEV
No
known exploited
Exploitation
—
SSVC status
Description
Laravel is a web application framework. When the register_argc_argv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability fixed in 6.20.45, 7.30.7, 8.83.28, 9.52.17, 10.48.23, and 11.31.0. The framework now ignores argv values for environment detection on non-cli SAPIs.
Technical Details
- Published
- 11/12/2024
Frequently Asked Questions
What is CVE-2024-52301?
Laravel is a web application framework. When the register_argc_argv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability fixed in 6.20.45, 7.30.7, 8.83.28, 9.52.17, 10.48.23, and 11.31.0. The framework now ignores argv values for environment detection on non-cli SAPIs.
Is CVE-2024-52301 actively exploited?
Active exploitation of CVE-2024-52301 has not been confirmed. The EPSS score is 60.1%, indicating the estimated probability of exploitation in the next 30 days.
What is the CVSS score for CVE-2024-52301?
CVE-2024-52301 has a CVSS v3 base score of 7.5 (HIGH severity).
Is CVE-2024-52301 affecting your environment?
Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.