CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Feb 6, 2024

CVE-2018-15133

High

EPSS 84.4%CISA KEV

Laravel/Laravel Framework

Description

Laravel Framework contains a deserialization of untrusted data vulnerability, allowing for remote command execution. This vulnerability may only be exploited if a malicious user has accessed the application encryption key (APP_KEY environment variable).

EPSS — Exploit Probability

84.4%

Higher than 99.3% of all CVEs

Required Action

https://laravel.com/docs/5.6/upgrade#upgrade-5.6.30; https://nvd.nist.gov/vuln/detail/CVE-2018-15133

Risk Assessment

HIGH

In CISA KEV

High EPSS

Details

Severity: High
EPSS: 84.4%
CISA KEV: Yes
Ransomware: Unknown
Articles: 0

Timeline

Published

Jan 16, 2024

Added to KEV

Jan 16, 2024

Remediation Due

Feb 6, 2024

Affected Product

Laravel

Laravel Framework

View all Laravel CVEs

External Links

NVD (NIST)CVE Details MITRE CVE