CVE-2018-15133: Laravel Deserialization of Untrusted Data Vulnerability

This content originally appeared on DEV Community and was authored by Freedom Coder

CVE ID

CVE-2018-15133

Vulnerability Name

Laravel Deserialization of Untrusted Data Vulnerability

• Project: Laravel
• Product: Laravel Framework

Date

• Date Added: 2024-01-16
• Due Date: 2024-02-06

Description

Laravel Framework contains a deserialization of untrusted data vulnerability, allowing for remote command execution. This vulnerability may only be exploited if a malicious user has accessed the application encryption key (APP_KEY environment variable).

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://laravel.com/docs/5.6/upgrade#upgrade-5.6.30; https://nvd.nist.gov/vuln/detail/CVE-2018-15133

Related Security News

• Over 600 Laravel Apps Exposed to Remote Code Execution Due to Leaked APP_KEYs on GitHub
• AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List

This content originally appeared on DEV Community and was authored by Freedom Coder

Print Share Comment Cite Upload Translate Updates

APA

Freedom Coder | Sciencx (2025-07-13T01:20:07+00:00) CVE-2018-15133: Laravel Deserialization of Untrusted Data Vulnerability. Retrieved from https://www.scien.cx/2025/07/13/cve-2018-15133-laravel-deserialization-of-untrusted-data-vulnerability/

MLA

" » CVE-2018-15133: Laravel Deserialization of Untrusted Data Vulnerability." Freedom Coder | Sciencx - Sunday July 13, 2025, https://www.scien.cx/2025/07/13/cve-2018-15133-laravel-deserialization-of-untrusted-data-vulnerability/

HARVARD

Freedom Coder | Sciencx Sunday July 13, 2025 » CVE-2018-15133: Laravel Deserialization of Untrusted Data Vulnerability., viewed ,<https://www.scien.cx/2025/07/13/cve-2018-15133-laravel-deserialization-of-untrusted-data-vulnerability/>

VANCOUVER

Freedom Coder | Sciencx - » CVE-2018-15133: Laravel Deserialization of Untrusted Data Vulnerability. [Internet]. [Accessed ]. Available from: https://www.scien.cx/2025/07/13/cve-2018-15133-laravel-deserialization-of-untrusted-data-vulnerability/

CHICAGO

" » CVE-2018-15133: Laravel Deserialization of Untrusted Data Vulnerability." Freedom Coder | Sciencx - Accessed . https://www.scien.cx/2025/07/13/cve-2018-15133-laravel-deserialization-of-untrusted-data-vulnerability/

IEEE

" » CVE-2018-15133: Laravel Deserialization of Untrusted Data Vulnerability." Freedom Coder | Sciencx [Online]. Available: https://www.scien.cx/2025/07/13/cve-2018-15133-laravel-deserialization-of-untrusted-data-vulnerability/. [Accessed: ]

rf:citation

» CVE-2018-15133: Laravel Deserialization of Untrusted Data Vulnerability | Freedom Coder | Sciencx | https://www.scien.cx/2025/07/13/cve-2018-15133-laravel-deserialization-of-untrusted-data-vulnerability/ |

Please log in to upload a file.

There are no updates yet.
Click the Upload button above to add an update.

You must be logged in to translate posts. Please log in or register.