Vulmon
laravel laravel vulnerabilities and exploits
6.8
CVSSv2
CVE-2022-25838
Laravel Fortify prior to 1.11.1 allows reuse within a short time window, thus calling into question the "OT" part of the "TOTP" concept.
Laravel Fortify
NA
CVE-2022-40734
UniSharp laravel-filemanager (aka Laravel Filemanager) prior to 2.6.4 allows download?working_dir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022. This is related to league/flysystem prior to 2.0.0.
Unisharp Laravel Filemanager
6.5
CVSSv2
CVE-2020-10963
FrozenNode Laravel-Administrator up to and including 5.0.12 allows unrestricted file upload (and consequently Remote Code Execution) via admin/tips_image/image/file_upload image upload with PHP content within a GIF image that has the .php extension. NOTE: this product is disconti...
Frozennode Laravel-administrator
1 Github repository
6.5
CVSSv2
CVE-2021-23814
This affects the package unisharp/laravel-filemanager from 0.0.0. The upload() function does not sufficiently validate the file type when uploading. An attacker may be able to reproduce the following steps: - Install a package with a web Laravel application. - Navigate to the Upl...
Unisharp Laravel-filemanager
6.5
CVSSv2
CVE-2018-6330
Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters.
Laravel Framework 5.4.15
10
CVSSv2
CVE-2021-45040
The Spatie media-library-pro library up to and including 1.17.10 and 2.x up to and including 2.1.6 for Laravel allows remote malicious users to upload executable files via the uploads route.
Spatie Laravel Media Library
NA
CVE-2022-38089
Stored cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and previous versions and exceedone/laravel-admin v3.0.0 and previous versions, (PHP7) exceedone/exment v4.4.2 and previous versions and exceedone/laravel-admin v2.2.2 and previous versions) allow...
Exceedone Exment
Exceedone Laravel-admin
NA
CVE-2022-37333
SQL injection vulnerability in the Exment ((PHP8) exceedone/exment v5.0.2 and previous versions and exceedone/laravel-admin v3.0.0 and previous versions, (PHP7) exceedone/exment v4.4.2 and previous versions and exceedone/laravel-admin v2.2.2 and previous versions) allows remote a...
Exceedone Exment
Exceedone Laravel-admin
NA
CVE-2022-38080
Reflected cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and previous versions and exceedone/laravel-admin v3.0.0 and previous versions, (PHP7) exceedone/exment v4.4.2 and previous versions and exceedone/laravel-admin v2.2.2 and previous versions) al...
Exceedone Exment
Exceedone Laravel-admin
NA
CVE-2024-29291
An issue in Laravel Framework 8 through 11 might allow a remote malicious user to discover database credentials in storage/logs/laravel.log. NOTE: this is disputed by multiple third parties because the owner of a Laravel Framework installation can choose to have debugging logs, b...