Vulmon
laravel laravel vulnerabilities and exploits
NA
CVE-2022-40482
The authentication method in Laravel 8.x up to and including 9.x prior to 9.32.0 is vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\Auth\Sessi...
Laravel Framework
578
VMScore
CVE-2021-23814
This affects the package unisharp/laravel-filemanager from 0.0.0. The upload() function does not sufficiently validate the file type when uploading. An attacker may be able to reproduce the following steps: - Install a package with a web Laravel application. - Navigate to the Upl...
Unisharp Laravel-filemanager
578
VMScore
CVE-2020-10963
FrozenNode Laravel-Administrator up to and including 5.0.12 allows unrestricted file upload (and consequently Remote Code Execution) via admin/tips_image/image/file_upload image upload with PHP content within a GIF image that has the .php extension. NOTE: this product is disconti...
Frozennode Laravel-administrator
1 Github repository
578
VMScore
CVE-2018-6330
Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters.
Laravel Framework 5.4.15
NA
CVE-2022-40734
UniSharp laravel-filemanager (aka Laravel Filemanager) prior to 2.6.4 allows download?working_dir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022. This is related to league/flysystem prior to 2.0.0.
Unisharp Laravel Filemanager
890
VMScore
CVE-2021-45040
The Spatie media-library-pro library up to and including 1.17.10 and 2.x up to and including 2.1.6 for Laravel allows remote malicious users to upload executable files via the uploads route.
Spatie Laravel Media Library
NA
CVE-2022-37333
SQL injection vulnerability in the Exment ((PHP8) exceedone/exment v5.0.2 and previous versions and exceedone/laravel-admin v3.0.0 and previous versions, (PHP7) exceedone/exment v4.4.2 and previous versions and exceedone/laravel-admin v2.2.2 and previous versions) allows remote a...
Exceedone Exment
Exceedone Laravel-admin
NA
CVE-2022-38089
Stored cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and previous versions and exceedone/laravel-admin v3.0.0 and previous versions, (PHP7) exceedone/exment v4.4.2 and previous versions and exceedone/laravel-admin v2.2.2 and previous versions) allow...
Exceedone Exment
Exceedone Laravel-admin
NA
CVE-2022-38080
Reflected cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and previous versions and exceedone/laravel-admin v3.0.0 and previous versions, (PHP7) exceedone/exment v4.4.2 and previous versions and exceedone/laravel-admin v2.2.2 and previous versions) al...
Exceedone Exment
Exceedone Laravel-admin
NA
CVE-2024-29291
An issue in Laravel Framework 8 through 11 might allow a remote malicious user to discover database credentials in storage/logs/laravel.log. NOTE: this is disputed by multiple third parties because the owner of a Laravel Framework installation can choose to have debugging logs, b...