Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
laravel framework vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-43617
Laravel Framework up to and including 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOT...
Laravel Framework
1 Github repository
8.8
CVSSv3
CVE-2020-19316
OS Command injection vulnerability in function link in Filesystem.php in Laravel Framework prior to 5.8.17.
Laravel Framework
5.3
CVSSv3
CVE-2022-40482
The authentication method in Laravel 8.x up to and including 9.x prior to 9.32.0 exists to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\Auth\Sessi...
Laravel Framework
6.1
CVSSv3
CVE-2021-43808
Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser d...
Laravel Framework
1 Github repository
8.8
CVSSv3
CVE-2018-6330
Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters.
Laravel Framework 5.4.15
7.5
CVSSv3
CVE-2017-16894
In Laravel framework up to and including 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. NOTE: this CVE is only about Laravel framework's writeNewEnvironmentFileWith function in src/Illum...
Laravel Laravel
1 EDB exploit
2 Github repositories
8.1
CVSSv3
CVE-2018-15133
In Laravel Framework up to and including 5.5.40 and 5.6.x up to and including 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and Pe...
Laravel Laravel
1 EDB exploit
20 Github repositories
1 Article
5.3
CVSSv3
CVE-2021-21263
Laravel is a web application framework. Versions of Laravel prior to 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a no...
Laravel Laravel
1 Github repository
NA
CVE-2024-29291
An issue in Laravel Framework 8 through 11 might allow a remote malicious user to discover database credentials in storage/logs/laravel.log. NOTE: this is disputed by multiple third parties because the owner of a Laravel Framework installation can choose to have debugging logs, b...
NA
CVE-2022-34943
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »