mirror of
https://github.com/0xMarcio/cve.git
synced 2025-06-19 17:30:12 +00:00
956 B
956 B
CVE-2024-29291
Description
** DISPUTED ** An issue in Laravel Framework 8 through 11 might allow a remote attacker to discover database credentials in storage/logs/laravel.log. NOTE: this is disputed by multiple third parties because the owner of a Laravel Framework installation can choose to have debugging logs, but needs to set the access control appropriately for the type of data that may be logged.
POC
Reference
- https://gist.github.com/whiteman007/43bd7fa1fa0e47554b33f0cf93066784
- https://gist.github.com/whiteman007/43bd7fa1fa0e47554b33f0cf93066784