vulnerability
Facade Ignition: CVE-2021-3129: Improper Input Validation
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Jan 12, 2021 | Aug 12, 2025 | Aug 12, 2025 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Jan 12, 2021
Added
Aug 12, 2025
Modified
Aug 12, 2025
Description
Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.
Solution
facade-ignition-upgrade-latest
References
- CVE-2021-3129
- https://attackerkb.com/topics/CVE-2021-3129
- URL-http://packetstormsecurity.com/files/162094/Ignition-2.5.1-Remote-Code-Execution.html
- URL-http://packetstormsecurity.com/files/165999/Ignition-Remote-Code-Execution.html
- URL-https://github.com/facade/ignition/pull/334
- URL-https://www.ambionics.io/blog/laravel-debug-rce
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.