Laravel Terminal open
Description
The Laravel Terminal package (recca0120/laravel-terminal) is installed and its web interface is reachable without authentication on this application. Laravel Terminal is a development tool that provides a browser-based command line for running artisan commands and system commands on the server. Exposed in production it is equivalent to remote code execution as the web server user: anyone who can reach it can read configuration and secrets (for example the .env file with APP_KEY and database credentials), run artisan commands that change application state, and execute arbitrary shell commands. This is a severe security misconfiguration rather than a flaw in the package itself.
Remediation
Disable Laravel Terminal in production immediately, either by removing the package or by making sure it is never loaded there:

1. Remove the package entirely if it is not needed:

    composer remove recca0120/laravel-terminal

   If it is only needed during development, require it as a development dependency (Composer's --dev flag) and install production dependencies with --no-dev, so the code is never present on production hosts.

2. If the package must remain installed, register its service provider only in non-production environments. This belongs in the register() method of app/Providers/AppServiceProvider.php, not in config/app.php (config files return plain arrays and have no $app variable):

    if ($this->app->environment('local')) {
        $this->app->register(Recca0120\Terminal\TerminalServiceProvider::class);
    }

   Checking an explicit allow-list of environments is safer than testing env('APP_ENV') !== 'production': a missing or misspelt APP_ENV would otherwise load the terminal. If the installed version registers itself through Laravel's package discovery (a providers entry under extra.laravel in the package's composer.json), this conditional is bypassed unless the package is also listed under extra.laravel.dont-discover in the application's composer.json.

3. Restrict access in the web server or firewall configuration so that the terminal route (by default under /terminal) is reachable only from trusted addresses. Treat this as defence in depth; it does not replace steps 1 and 2.

4. Verify that APP_ENV is set to production on all production servers. The package's published configuration (config/terminal.php) ties its enabled flag to APP_DEBUG by default, so confirm APP_DEBUG=false as well; check the configuration file shipped with the installed version.

5. Conduct a security audit to determine whether the terminal was used while it was exposed: review web server access logs for requests to the terminal route, compare deployed files against source control, and if unauthorized use cannot be ruled out, rotate every secret the application's .env exposes (APP_KEY, database and API credentials).

After remediation, request the terminal route from an untrusted network and confirm that it returns 404 (or the web server's access-denied response where only the IP restriction of step 3 is in place).
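The conditional registration from step 2 written out as a complete service provider, together with the package-discovery opt-out that makes the conditional effective. This is an added example, not code from the original finding or from the laravel-terminal project. It assumes a standard Laravel application layout (app/Providers/AppServiceProvider.php on Laravel 5.5 or later, so that package discovery applies) and that the environment named 'local' is the only one where the terminal should ever load; the class_exists() guard is there so the same provider also works on hosts where the package was installed as a dev-only dependency and is absent.

```php
<?php
// app/Providers/AppServiceProvider.php
// Added example, not the package's or this page's own code.

namespace App\Providers;

use Illuminate\Support\ServiceProvider;

class AppServiceProvider extends ServiceProvider
{
    /**
     * Register application services.
     *
     * Laravel Terminal is registered only for the 'local' environment.
     * Matching an explicit allow-list is safer than `!== 'production'`:
     * a missing or misspelt APP_ENV (e.g. "prod", "staging") fails closed.
     */
    public function register(): void
    {
        $terminalProvider = \Recca0120\Terminal\TerminalServiceProvider::class;

        if ($this->app->environment('local') && class_exists($terminalProvider)) {
            // class_exists() keeps this safe when the package was installed
            // with --dev and is simply not present on the current host.
            $this->app->register($terminalProvider);
        }
    }

    /**
     * Bootstrap application services.
     */
    public function boot(): void
    {
        //
    }
}

// The conditional above is only effective if Laravel does not register the
// provider on its own. Package discovery (Laravel >= 5.5) registers every
// provider a package lists under extra.laravel.providers in its composer.json,
// so opt this package out in the *application's* composer.json:
//
//   "extra": {
//       "laravel": {
//           "dont-discover": ["recca0120/laravel-terminal"]
//       }
//   }
//
// Then rebuild the discovery manifest (bootstrap/cache/packages.php) with
// `composer dump-autoload` or `php artisan package:discover`, and confirm the
// provider no longer appears in that file on production hosts.
```

With this in place, `php artisan route:list` on a production host should show no terminal routes, and a request to the terminal path should return 404; if it still responds, the provider is being loaded by another path (package discovery, a cached config, or a leftover entry in config/app.php providers) and that path must be removed too.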