Vulnerability in Laravel Framework
CVE-2024-52301
Laravel is a web application framework. When the register_argc_argv PHP directive is set to on, and users call any URL with a specially crafted query string, they are able to change the environment used by the framework when handling the re…
EPSS: 0.657 (98.5th percentile)
Affected products
- Laravel Framework — versions < 6.20.45; >= 7.0.0, < 7.30.7; >= 8.0.0, < 8.83.28
Weakness classification (CWE)
Public proof-of-concept exploits
References
- https://github.com/laravel/framework/security/advisories/GHSA-gv7v-rgg6-548h (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2024-52301?
- CVE-2024-52301 is a vulnerability in Laravel Framework, classified under Argument Injection. Published 2024-11-12.
- Is CVE-2024-52301 known to be exploited?
- 9 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.