CVE-2024-29291

EXPLOITED

Laravel Framework <11 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2024-29291 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Huseein Amer.

AI-analyzed exploit summary This exploit demonstrates an information leakage vulnerability in Laravel Framework versions 8.* to 11.* where database credentials are exposed in the log file. The PoC instructs users to navigate to the log file and search for specific strings to extract credentials.

Description

An issue in Laravel Framework 8 through 11 might allow a remote attacker to discover database credentials in storage/logs/laravel.log. NOTE: this is disputed by multiple third parties because the owner of a Laravel Framework installation can choose to have debugging logs, but needs to set the access control appropriately for the type of data that may be logged.

Exploits (1)

exploitdb WORKING POC
by Huseein Amer · textwebappsphp
https://www.exploit-db.com/exploits/52000

This exploit demonstrates an information leakage vulnerability in Laravel Framework versions 8.* to 11.* where database credentials are exposed in the log file. The PoC instructs users to navigate to the log file and search for specific strings to extract credentials.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Laravel Framework 8.* - 11.*
No auth needed
Prerequisites: Access to the Laravel application's log file (storage/logs/laravel.log)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Scores

EPSS 0.0535
EPSS Percentile 90.3%

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

VulnCheck KEV 2025-02-27
CWE
CWE-200
Status published
Published Apr 16, 2024
Tracked Since Feb 18, 2026