CVE-2019-9081
published 2019

critical 9.8
ITW | EXPLOIT | VulnCheck KEV | Ransomware | Initial access
Exploited in the wild
Laravel Framework 5.7.x Illuminate Deserialization Vulnerability

The Illuminate component of Laravel Framework 5.7.x has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the PendingCommand class in PendingCommand.php.

Affected: Laravel Laravel Framework

Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.

Known Ransomware Campaign Use: Known

Exploitation References:
https://unit42.paloaltonetworks.com/lucifer-new-cryptojacking-and-ddos-hybrid-malware/
https://cybersecurityworks.com/howdymanage/uploads/file/ransomware-_-2022-spotlight-report_compressed.pdf
https://www.ivanti.com/resources/v/doc/pr-survey-report/ransomware-quarterly-indexreport_q2-q3
https://info.securin.io/hubfs/Securin%20Ransomware%20Report%202023.pdf
https://4502402.fs1.hubspotusercontent-na1.net/hubfs/4502402/Ransomware%20-%20Index%20Update%20Q1%202023.pdf

Exploit PoC:
https://vulncheck.com/xdb/87a2eca0bae4
https://vulncheck.com/xdb/365069586200

Affected

1 range

Vendor | Product | Version range | Fixed in
laravel | framework | >= 5.7.0 < 6.20.44 | 6.20.44