CVE-2021-3129 - Laravel Ignition File Upload Vulnerability

Vulnerability Name

Laravel Ignition File Upload Vulnerability

Description

Laravel Ignition contains a file upload vulnerability that allows unauthenticated remote attackers to execute malicious code due to insecure usage of file_get_contents() and file_put_contents().

Known To Be Used in Ransomware Campaigns?

Known

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://github.com/facade/ignition/releases/tag/2.5.2

https://nvd.nist.gov/vuln/detail/CVE-2021-3129

Related News Articles

Experts Reports Sharp Increase in Automated Botnet Attacks Targeting PHP Servers and IoT DevicesOctober 29, 2025

Cisco Previews AI Defenses to Cloud Security PlatformJanuary 21, 2025

CRYSTALRAY hacker expands to 1,500 breached systems using SSH-Snake toolJuly 11, 2024