PT-2024-8450 · Laravel+1
Taylorotwell · Published 2024-11-12 · Updated 2026-01-03
CVE-2024-52301
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Laravel versions 6.20.45 through 11.31.0
Description
The issue stems from the PHP directive register_argc_argv being set to On. On non-CLI SAPIs PHP then populates argv from the request's query string, so a request with a specially crafted query string can change the environment the framework uses while handling it. This can lead to unauthorized access and data tampering. More than 830,000 instances are potentially affected.
Recommendations
For versions 6.20.45 through 11.31.0, update to the latest version, where the framework now ignores argv values for environment detection on non-CLI SAPIs.
As a temporary workaround, consider setting the register_argc_argv PHP directive to Off until a patch is available.
Restrict access to sensitive areas of the application to minimize the risk of exploitation.
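The recommendations above give two concrete facts a defender can check on a deployment: whether the installed laravel/framework version falls in the affected range, and whether register_argc_argv is still enabled in the PHP configuration the web SAPI uses. The following triage script is an added example, not part of the advisory or of the Laravel project; the composer.lock and php.ini contents it feeds itself are constructed samples, and the function names (vercmp, is_affected, laravel_version_from_lock, register_argc_argv_on, triage) are the example's own.

```shell
#!/bin/sh
# Added example, not part of the advisory: a defender-side triage script
# for CVE-2024-52301 that checks the two facts the advisory gives,
# the affected laravel/framework version range and the value of the
# register_argc_argv PHP directive. File names and sample contents
# below are constructed for the demonstration.

AFFECTED_MIN="6.20.45"   # from the advisory
AFFECTED_MAX="11.31.0"   # from the advisory

# vercmp A B: print -1, 0 or 1 comparing dotted numeric versions
# (missing components count as 0; non-numeric suffixes are ignored).
vercmp() {
  i=1
  while [ "$i" -le 3 ]; do
    a=$(printf '%s\n' "$1" | awk -F. -v i="$i" '{ print ($i == "" ? 0 : $i) + 0 }')
    b=$(printf '%s\n' "$2" | awk -F. -v i="$i" '{ print ($i == "" ? 0 : $i) + 0 }')
    if [ "$a" -lt "$b" ]; then echo -1; return; fi
    if [ "$a" -gt "$b" ]; then echo 1; return; fi
    i=$((i + 1))
  done
  echo 0
}

# is_affected VERSION: succeed when VERSION lies in the advisory's range.
is_affected() {
  [ "$(vercmp "$1" "$AFFECTED_MIN")" -ge 0 ] &&
  [ "$(vercmp "$1" "$AFFECTED_MAX")" -le 0 ]
}

# laravel_version_from_lock FILE: print the installed laravel/framework
# version recorded in a composer.lock (leading "v" stripped).
laravel_version_from_lock() {
  awk '
    /"name": *"laravel\/framework"/ { found = 1 }
    found && /"version":/ {
      sub(/^[^:]*: *"v?/, ""); sub(/".*$/, ""); print; exit
    }' "$1"
}

# register_argc_argv_on FILE: succeed when a php.ini-style FILE leaves the
# directive enabled. The last uncommented assignment wins; when the
# directive is absent, PHP's built-in default (On) applies.
register_argc_argv_on() {
  val=$(awk -F= '
    /^[ \t]*register_argc_argv[ \t]*=/ {
      v = $2; gsub(/"/, "", v); sub(/^[ \t]*/, "", v); sub(/[ \t;].*$/, "", v)
      last = tolower(v)
    }
    END { print (last == "" ? "1" : last) }' "$1")
  case "$val" in
    on|1|true|yes) return 0 ;;
    *) return 1 ;;
  esac
}

# Constructed sample inputs: a lock file pinning a version inside the
# affected range, and two ini files, one weak and one hardened.
write_sample_lock() {
  cat > "$1" <<'EOF'
{
  "packages": [
    {
      "name": "laravel/framework",
      "version": "v11.30.0"
    }
  ]
}
EOF
}
write_weak_ini()     { printf 'register_argc_argv = On ; weak\n' > "$1"; }
write_hardened_ini() { printf '; hardened per advisory workaround\nregister_argc_argv = Off\n' > "$1"; }

# triage LOCK INI: print a one-line verdict for a deployment.
triage() {
  v=$(laravel_version_from_lock "$1")
  if ! is_affected "$v"; then
    echo "NOT AFFECTED: laravel/framework $v is outside $AFFECTED_MIN-$AFFECTED_MAX"
    return
  fi
  if register_argc_argv_on "$2"; then
    echo "EXPOSED: laravel/framework $v is affected and register_argc_argv is on"
  else
    echo "MITIGATED: laravel/framework $v is affected, but register_argc_argv is off (workaround in place; still upgrade)"
  fi
}

# Stand-alone demonstration on the constructed files.
tmp=$(mktemp -d)
write_sample_lock "$tmp/composer.lock"
write_weak_ini "$tmp/weak.ini"
write_hardened_ini "$tmp/hardened.ini"
triage "$tmp/composer.lock" "$tmp/weak.ini"
triage "$tmp/composer.lock" "$tmp/hardened.ini"
rm -rf "$tmp"
```

Point the script at the real composer.lock and at the ini file loaded by the web SAPI (php-fpm or mod_php), not the CLI one: the CLI SAPI always exposes argv regardless of the directive, so `php -i` output from the command line does not reflect the setting that matters here. A MITIGATED verdict only means the workaround is in place; upgrading to a fixed version remains the recommendation.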
Weakness Enumeration
Argument Injection
Related Identifiers
CVE-2024-52301
Affected Products
Debian
Laravel