#VU100356 Security features bypass in Laravel Framework - CVE-2024-52301

 


Published: November 12, 2024 / Updated: June 20, 2025


Vulnerability identifier: #VU100356
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2024-52301
CWE-ID: CWE-254
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vulnerable software:
Laravel Framework
Software vendor:
Laravel LLC

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists because the application allows environment variable manipulation when the register_argc_argv PHP directive is set to on. A remote attacker can request any URL with a specially crafted query string and alter the values of environment variables. This can result in disclosure of sensitive information and potential unauthorized data manipulation.
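To check whether a host meets the register_argc_argv precondition described above, the following added example (not part of the original advisory or of Laravel) resolves the effective value of the directive from the ini files PHP loads, in load order. The function names, file names and sample contents are hypothetical; it assumes PHP's compiled-in default of on when no file sets the directive, and it does not cover per-directory overrides such as .user.ini or .htaccess.

```python
import re

# PHP's compiled-in default is "1" (on) when no ini file sets the directive.
BUILTIN_DEFAULT = True
TRUE_WORDS = {"on", "yes", "true"}
FALSE_WORDS = {"off", "no", "false", "none", ""}
LINE = re.compile(r"^\s*register_argc_argv\s*=\s*(.*)$", re.IGNORECASE)


def parse_bool(raw):
    """Interpret a php.ini value the way a boolean directive reads it."""
    value = raw.split(";", 1)[0].strip().strip("\"'").lower()
    if value in TRUE_WORDS:
        return True
    if value in FALSE_WORDS:
        return False
    m = re.match(r"-?\d+", value)  # numeric strings: non-zero means on
    return bool(m) and int(m.group()) != 0


def effective_setting(ini_files):
    """ini_files: list of (name, text) in PHP's load order; the last match wins."""
    state, source = BUILTIN_DEFAULT, "built-in default"
    for name, text in ini_files:
        conditional = False
        for lineno, line in enumerate(text.splitlines(), 1):
            stripped = line.strip()
            if stripped.startswith("["):
                # [PATH=...] / [HOST=...] sections apply only to some requests; skipped.
                conditional = stripped.upper().startswith(("[PATH", "[HOST"))
                continue
            m = LINE.match(line)  # lines commented out with ';' do not match
            if m and not conditional:
                state, source = parse_bool(m.group(1)), f"{name}:{lineno}"
    return state, source


# Constructed sample inputs, not taken from any real host.
SAMPLE_MAIN = "[PHP]\n;register_argc_argv = Off\nmemory_limit = 128M\n"
SAMPLE_OVERRIDE = "register_argc_argv = Off ; hardened\n"

if __name__ == "__main__":
    base = [("php.ini", SAMPLE_MAIN)]
    for files in (base, base + [("conf.d/99-hardening.ini", SAMPLE_OVERRIDE)]):
        on, src = effective_setting(files)
        print(f"register_argc_argv={'On (exposed)' if on else 'Off'} from {src}")
```

A commented-out `;register_argc_argv = Off` line leaves the directive unset, so the first sample resolves to on.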


Remediation

Install updates from vendor's website.

External links