CVE-2021-28254
9.8CRITICALA deserialization vulnerability in the destruct() function of Laravel v8.5.9 allows attackers to execute arbitrary commands.
Published: 4/19/2023Updated: 3/5/2025
Description
A deserialization vulnerability in the destruct() function of Laravel v8.5.9 allows attackers to execute arbitrary commands.
AI AnalysisPowered by AI
Affected Products
laravellaravel
8.5.9
References
- https://s1mple-top.github.io/2021/03/09/Laravel8-new-pop-chain-mining-process/ExploitThird Party Advisory
- https://s1mple-top.github.io/2021/03/09/Laravel8-new-pop-chain-mining-process/ExploitThird Party Advisory