cvedb.io
CVE-2024-52301
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2024-11-12T20:15:14.087 · Last modified 2026-06-17T08:06:58.240

Summary

Laravel is a web application framework. When the register_argc_argv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability fixed in 6.20.45, 7.30.7, 8.83.28, 9.52.17, 10.48.23, and 11.31.0. The framework now ignores argv values for environment detection on non-cli SAPIs.

Affected products

laravel — framework

Does this affect you?

Add your gear to cvedb and we'll alert you only when laravel ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.