Vulmon
laravel vulnerabilities and exploits
7.2
CVSSv3
CVE-2023-24249
An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows malicious users to execute arbitrary code via a crafted PHP file.
Laravel-admin Laravel-admin 1.8.19
4.8
CVSSv3
CVE-2019-17433
z-song laravel-admin 1.7.3 has XSS via the Slug or Name on the Roles screen, because of mishandling on the "Operation log" screen.
Laravel-admin Laravel-admin 1.7.3
9.8
CVSSv3
CVE-2021-4262
A vulnerability classified as critical was found in laravel-jqgrid. Affected by this vulnerability is the function getRows of the file src/Mgallegos/LaravelJqgrid/Repositories/EloquentRepositoryAbstract.php. The manipulation leads to SQL injection. The name of the patch is fbc2d9...
Laravel Jqgrid Project Laravel Jqgrid
6.1
CVSSv3
CVE-2019-17494
laravel-bjyblog 6.1.1 has XSS via a crafted URL.
Laravel-bjyblog Project Laravel-bjyblog 6.1.1
7.5
CVSSv3
CVE-2018-8947
rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 encoding for l, dl, and del requests, which makes it easier for remote malicious users to bypass intended access restrictions, as demonstrated by reading arbitrary files via a dl request.
Laravel Log Viewer Project Laravel Log Viewer
1 EDB exploit
5.3
CVSSv3
CVE-2022-40482
The authentication method in Laravel 8.x up to and including 9.x prior to 9.32.0 is vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\Auth\Sessi...
Laravel Framework
8.1
CVSSv3
CVE-2022-25838
Laravel Fortify prior to 1.11.1 allows reuse within a short time window, thus calling into question the "OT" part of the "TOTP" concept.
Laravel Fortify
8.8
CVSSv3
CVE-2024-22859
Cross-Site Request Forgery (CSRF) vulnerability in livewire before v3.0.4 allows remote malicious users to execute arbitrary code via the getCsrfToken function. NOTE: the vendor disputes this because the 5d88731 commit fixes a usability problem (HTTP 419 status codes for legitimate clie...
Laravel Livewire
8.8
CVSSv3
CVE-2020-19316
OS Command injection vulnerability in function link in Filesystem.php in Laravel Framework prior to 5.8.17.
Laravel Framework
9.8
CVSSv3
CVE-2021-43617
Laravel Framework up to and including 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOT...
Laravel Framework
1 Github repository