CVE-2021-3129

Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure...

Basic Information

CVE State: PUBLISHED
Reserved Date: January 12, 2021
Published Date: January 12, 2021
Last Updated: February 04, 2025
Vendor: n/a
Product: n/a
Description: Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (added 2025-04-24 00:00:00 UTC) Source
Proof of Concept Available: Yes (added 2023-07-26 08:05:25 UTC) Source
Used in Malware: Yes (added 2023-09-18 00:00:00 UTC) Source

References

https://www.ambionics.io/blog/laravel-debug-rce https://github.com/facade/ignition/pull/334 http://packetstormsecurity.com/files/162094/Ignition-2.5.1-Remote-Code-Execution.html http://packetstormsecurity.com/files/165999/Ignition-Remote-Code-Execution.html

Known Exploited Vulnerability Information

Source	Added Date
CISA	2023-09-18 00:00:00 UTC

Scanner Integrations

Scanner	URL	Date Detected
Metasploit	https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/php/ignition_laravel_debug_rce.rb	2025-04-29 11:01:25 UTC
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-3129.yaml	2025-04-26 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

ignition_laravel_debug_rce

Type: metasploit • Created: Unknown

Metasploit module for CVE-2021-3129

0x0d3ad/CVE-2021-3129

Type: github • Created: 2024-09-29 05:09:41 UTC • Stars: 4

CVE-2021-3129 (Laravel Ignition RCE Exploit)

Axianke/CVE-2021-3129

Type: github • Created: 2024-01-15 07:12:07 UTC • Stars: 5

CVE-2021-3129

wmasday/CVE-2021-3129

Type: github • Created: 2023-07-27 12:14:01 UTC • Stars: 2

CVE-2021-3129 | Laravel Debug Mode Vulnerability

miko550/CVE-2021-3129

Type: github • Created: 2023-07-26 08:05:25 UTC • Stars: 0

Laravel RCE (CVE-2021-3129)

ajisai-babu/CVE-2021-3129-exp

Type: github • Created: 2023-03-04 17:04:38 UTC • Stars: 6

Laravel Debug mode RCE漏洞（CVE-2021-3129）poc / exp

0nion1/CVE-2021-3129

Type: github • Created: 2022-10-11 08:53:05 UTC • Stars: 6

CVE-2021-3129-Laravel Debug mode

shadowabi/Laravel-CVE-2021-3129

Type: github • Created: 2022-06-04 10:58:47 UTC • Stars: 5

CVE-2021-3129 POC

joshuavanderpoll/CVE-2021-3129

Type: github • Created: 2022-04-16 17:22:55 UTC • Stars: 104

Laravel RCE Exploit Script - CVE-2021-3129

cuongtop4598/CVE-2021-3129-Script

Type: github • Created: 2022-04-08 06:34:17 UTC • Stars: 8

Add revert shell

knqyf263/CVE-2021-3129

Type: github • Created: 2021-10-01 09:09:38 UTC • Stars: 13

PoC for CVE-2021-3129 (Laravel)

idea-oss/laravel-CVE-2021-3129-EXP

Type: github • Created: 2021-07-22 07:35:04 UTC • Stars: 1

Y0s9/CVE-2021-3129

Type: github • Created: 2021-04-11 05:47:43 UTC • Stars: 0

CVE-2021-3129-Laravel Debug mode 远程代码执行漏洞

zhzyker/CVE-2021-3129

Type: github • Created: 2021-02-18 05:42:13 UTC • Stars: 153

Laravel <= v8.4.2 debug mode: Remote code execution (CVE-2021-3129)

FunPhishing/Laravel-8.4.2-rce-CVE-2021-3129

Type: github • Created: 2021-02-14 09:24:07 UTC • Stars: 2

nth347/CVE-2021-3129_exploit

Type: github • Created: 2021-01-27 10:16:35 UTC • Stars: 65

Exploit for CVE-2021-3129

crisprss/Laravel_CVE-2021-3129_EXP

Type: github • Created: 2021-01-27 05:44:52 UTC • Stars: 17

SecPros-Team/laravel-CVE-2021-3129-EXP

Type: github • Created: 2021-01-25 08:42:28 UTC • Stars: 72

SNCKER/CVE-2021-3129

Type: github • Created: 2021-01-22 05:12:21 UTC • Stars: 127

Laravel debug rce