Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-16894Sensitive Information Exposure in Laravel

CWE-200Sensitive Information Exposure8 documents8 sources
Severity
7.5HIGHNVD
EPSS
88.8%
top 0.48%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
LaravelDebian Php-laravel-framework
Timeline
PublishedNov 20
Latest updateMay 14

Description

In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. NOTE: this CVE is only about Laravel framework's writeNewEnvironmentFileWith function in src/Illuminate/Foundation/Console/KeyGenerateCommand.php, which uses file_put_contents without restricting the .env permissions. The .env filename is not used exclusively by Laravel framework.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDlaravel/laravel5.5.21

🔴Vulnerability Details

2
GHSA
GHSA-2v4r-7m2m-5chh: In Laravel framework through 52022-05-14
VulnCheck
Laravel Laravel Framework Exposure of Sensitive Information to an Unauthorized Actor2017

💥Exploits & PoCs

3
Exploit-DB
PHP Laravel Framework 5.5.40 / 5.6.x < 5.6.30 - token Unserialize Remote Command Execution (Metasploit)2019-07-16
Nuclei
Laravel <5.5.21 - Information Disclosure
Metasploit
PHP Laravel Framework token Unserialize Remote Command Execution

📋Vendor Advisories

1
Debian
CVE-2017-16894: php-laravel-framework - In Laravel framework through 5.5.21, remote attackers can obtain sensitive infor...2017

🕵️Threat Intelligence

1
Greynoiseio
Change in ENV Crawler Tags as Bots Continue to Target Environment Files
CVE-2017-16894 — Sensitive Information Exposure | cvebase