OS Command Injection in Laravel Framework
Research is free — Hunters explains how the bug works, the root-cause code pattern, how the fix addresses it, and how to test whether a target is affected, in chat. Investigate & write exploit is a paid run — the engine reads the advisory and fix commits, then builds and validates a working proof-of-concept exploit with reproduction steps.
Affected versions
0 → fixed in 5.8.17
Details
OS Command injection vulnerability in function link in Filesystem.php in Laravel Framework before 5.8.17.
The fix
use escapeshellarg on windows symlink
src/Illuminate/Filesystem/Filesystem.php+1 −1
@@ -254,7 +254,7 @@ public function link($target, $link)$mode = $this->isDirectory($target) ? 'J' : 'H';-exec("mklink /{$mode} \"{$link}\" \"{$target}\"");+exec("mklink /{$mode} ".escapeshellarg($link)." ".escapeshellarg($target));}/**