Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
laravel framework vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-40482
The authentication method in Laravel 8.x up to and including 9.x prior to 9.32.0 exists to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\Auth\Sessi...
Laravel Framework
605
VMScore
CVE-2020-19316
OS Command injection vulnerability in function link in Filesystem.php in Laravel Framework prior to 5.8.17.
Laravel Framework
668
VMScore
CVE-2021-43617
Laravel Framework up to and including 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOT...
Laravel Framework
1 Github repository
383
VMScore
CVE-2021-43808
Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser d...
Laravel Framework
1 Github repository
578
VMScore
CVE-2018-6330
Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters.
Laravel Framework 5.4.15
506
VMScore
CVE-2017-16894
In Laravel framework up to and including 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. NOTE: this CVE is only about Laravel framework's writeNewEnvironmentFileWith function in src/Illum...
Laravel Laravel
1 EDB exploit
2 Github repositories
691
VMScore
CVE-2018-15133
In Laravel Framework up to and including 5.5.40 and 5.6.x up to and including 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and Pe...
Laravel Laravel
1 EDB exploit
20 Github repositories
1 Article
445
VMScore
CVE-2021-21263
Laravel is a web application framework. Versions of Laravel prior to 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a no...
Laravel Laravel
1 Github repository
NA
CVE-2024-29291
An issue in Laravel Framework 8 through 11 might allow a remote malicious user to discover database credentials in storage/logs/laravel.log. NOTE: this is disputed by multiple third parties because the owner of a Laravel Framework installation can choose to have debugging logs, b...
NA
CVE-2021-37298
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »