9.8

CVSS Score

3.0

Basic Information

CVE ID

CVE-2019-9081

GHSA ID

GHSA-pfg4-p438-p874

EPSS Score

CWE

CWE-502

Published

5/14/2022

Updated

9/28/2023

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2019-9081

CVE-2019-9081:
Laravel Framework Deserialization Vulnerability

The Illuminate component of Laravel Framework 5.7.x has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the PendingCommand class in PendingCommand.php.

(GitHub Advisory)

9.8

CVSS Score

3.0

Basic Information

CVE ID

CVE-2019-9081

GHSA ID

GHSA-pfg4-p438-p874

EPSS Score

CWE

CWE-502

Published

5/14/2022

Updated

9/28/2023

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
laravel/framework	composer	>= 5.7.0, < 6.20.44	6.20.44

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

T** Illumin*t* *ompon*nt o* L*r*v*l *r*m*work *.*.x **s * **s*ri*liz*tion vuln*r**ility t**t **n l*** to r*mot* *o** *x**ution i* t** *ont*nt is *ontroll**l*, r*l*t** to t** `__**stru*t` m*t*o* o* t** P*n*in**omm*n* *l*ss in `P*n*in**omm*n*.p*p`.

Reasoning

No *n*lysis *v*il**l*

9.8

Basic Information

Concerned about an active attack path?

CVE-2019-9081: Laravel Framework Deserialization Vulnerability

9.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

CVE-2019-9081:
Laravel Framework Deserialization Vulnerability

Vulnerability Intelligence
Miggo AI