Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
laravel laravel vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2021-43808
Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser d...
Laravel Framework
1 Github repository
NA
CVE-2022-40734
UniSharp laravel-filemanager (aka Laravel Filemanager) prior to 2.6.4 allows download?working_dir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022. This is related to league/flysystem prior to 2.0.0.
Unisharp Laravel Filemanager
578
VMScore
CVE-2018-6330
Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters.
Laravel Framework 5.4.15
578
VMScore
CVE-2021-23814
This affects the package unisharp/laravel-filemanager from 0.0.0. The upload() function does not sufficiently validate the file type when uploading. An attacker may be able to reproduce the following steps: - Install a package with a web Laravel application. - Navigate to the Upl...
Unisharp Laravel-filemanager
578
VMScore
CVE-2020-10963
FrozenNode Laravel-Administrator up to and including 5.0.12 allows unrestricted file upload (and consequently Remote Code Execution) via admin/tips_image/image/file_upload image upload with PHP content within a GIF image that has the .php extension. NOTE: this product is disconti...
Frozennode Laravel-administrator
1 Github repository
890
VMScore
CVE-2021-45040
The Spatie media-library-pro library up to and including 1.17.10 and 2.x up to and including 2.1.6 for Laravel allows remote malicious users to upload executable files via the uploads route.
Spatie Laravel Media Library
NA
CVE-2022-37333
SQL injection vulnerability in the Exment ((PHP8) exceedone/exment v5.0.2 and previous versions and exceedone/laravel-admin v3.0.0 and previous versions, (PHP7) exceedone/exment v4.4.2 and previous versions and exceedone/laravel-admin v2.2.2 and previous versions) allows remote a...
Exceedone Exment
Exceedone Laravel-admin
NA
CVE-2022-38080
Reflected cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and previous versions and exceedone/laravel-admin v3.0.0 and previous versions, (PHP7) exceedone/exment v4.4.2 and previous versions and exceedone/laravel-admin v2.2.2 and previous versions) al...
Exceedone Exment
Exceedone Laravel-admin
NA
CVE-2022-38089
Stored cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and previous versions and exceedone/laravel-admin v3.0.0 and previous versions, (PHP7) exceedone/exment v4.4.2 and previous versions and exceedone/laravel-admin v2.2.2 and previous versions) allow...
Exceedone Exment
Exceedone Laravel-admin
NA
CVE-2024-29291
An issue in Laravel Framework 8 through 11 might allow a remote malicious user to discover database credentials in storage/logs/laravel.log. NOTE: this is disputed by multiple third parties because the owner of a Laravel Framework installation can choose to have debugging logs, b...
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »