Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-16894

EPSS 88.79% · P100
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2017-16894

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. NOTE: this CVE is only about Laravel framework's writeNewEnvironmentFileWith function in src/Illuminate/Foundation/Console/KeyGenerateCommand.php, which uses file_put_contents without restricting the .env permissions. The .env filename is not used exclusively by Laravel framework.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Laravel Framework 信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Laravel Framework是Taylor Otwell软件开发者开发的一款基于PHP的Web应用程序开发框架。 Laravel framework 5.5.21及之前的版本中存在安全漏洞。远程攻击者可利用该漏洞获取敏感信息(例如:密码)。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2017-16894

#POC DescriptionSource LinkShenlong Link
1Project Program sederhana hasil belajar python, untuk mendeteksi CVE 2017 – 16894 (remote attackers can obtain sensitive information) https://github.com/ibnurusdianto/CVE-2017-16894POC Details
2Laravel through 5.5.21 is susceptible to information disclosure. An attacker can obtain sensitive information such as externally usable passwords via a direct request for the /.env URI. NOTE: CVE pertains only to the writeNewEnvironmentFileWith function in src/Illuminate/Foundation/Console/KeyGenerateCommand.php, which uses file_put_contents without restricting .env permissions. The .env filename is not used exclusively by Laravel. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2017/CVE-2017-16894.yamlPOC Details
3Nonehttps://github.com/Threekiii/Awesome-POC/blob/master/%E5%BC%80%E5%8F%91%E6%A1%86%E6%9E%B6%E6%BC%8F%E6%B4%9E/Laravel%20.env%20%E9%85%8D%E7%BD%AE%E6%96%87%E4%BB%B6%E6%B3%84%E9%9C%B2%20CVE-2017-16894.mdPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2017-16894

登录查看更多情报信息。

Same Patch Batch · n/a · 2017-11-20 · 15 CVEs total

CVE-2017-16906Horde Groupware 跨站脚本漏洞
CVE-2017-16907Horde Groupware 跨站脚本漏洞
CVE-2017-16908Horde Groupware 跨站脚本漏洞
CVE-2017-16903LvyeCMS 安全漏洞
CVE-2017-16904LvyeCMS 跨站脚本漏洞
CVE-2017-16899Xfig 安全漏洞
CVE-2017-16902Vonage VDV-23 115 安全漏洞
CVE-2017-16898libming 缓冲区错误漏洞
CVE-2017-16896Tiny Tiny RSS forgotpass组件SQL注入漏洞
CVE-2017-11400Belden Hirschmann Tofino Xenon Security Appliance 安全漏洞
CVE-2017-11401Belden Hirschmann Tofino Xenon Security Appliance ModBus DPI过滤器安全漏洞
CVE-2017-11402Belden Hirschmann Tofino Xenon Security Appliance OPC classic和custom netfilter模块安全漏洞
CVE-2017-16544BusyBox 代码注入漏洞
CVE-2017-15110Moodle 安全漏洞

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2017-16894

No comments yet

Leave a comment