Ignition Remote Code Execution

Discussion in 'News Aggregator' started by Packet Storm, 17 Feb 2022.

  1. Packet Storm

    Packet Storm Guest

    Ignition versions prior to 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.

    Continue reading...
     

Share This Page

Loading...