QwikSec

Security Database

CVE

CWE

Training

CVE-2021-3129

Published: Jan 12, 2021

Modified: Oct 21, 2025

PUBLISHED

Description

Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.ambionics.io/blog/laravel-debug-rce

x_refsource_MISC

https://github.com/facade/ignition/pull/334

x_refsource_MISC

http://packetstormsecurity.com/files/162094/Ignition-2.5.1-Remote-Code-Execution.html

x_refsource_MISC

http://packetstormsecurity.com/files/165999/Ignition-Remote-Code-Execution.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.