Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
laravel laravel vulnerabilities and exploits
(subscribe to this query)
890
VMScore
CVE-2021-45040
The Spatie media-library-pro library up to and including 1.17.10 and 2.x up to and including 2.1.6 for Laravel allows remote malicious users to upload executable files via the uploads route.
Spatie Laravel Media Library
758
VMScore
CVE-2022-21705
Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. In affected versions user input was not properly sanitized before rendering. An authenticated user with the permissions to create, modify and delete website pages can exploit this vulnerability to bypass...
Octobercms October
691
VMScore
CVE-2018-15133
In Laravel Framework up to and including 5.5.40 and 5.6.x up to and including 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and Pe...
Laravel Laravel
1 EDB exploit
20 Github repositories
1 Article
680
VMScore
CVE-2021-3129
Ignition prior to 2.5.2, as used in Laravel and other products, allows unauthenticated remote malicious users to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel prior to 8....
Facade Ignition
44 Github repositories
1 Article
668
VMScore
CVE-2021-43996
The Ignition component prior to 1.16.15, and 2.0.x prior to 2.0.6, for Laravel has a "fix variable names" feature that can lead to incorrect access control.
Facade Ignition
668
VMScore
CVE-2021-43617
Laravel Framework up to and including 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOT...
Laravel Framework
1 Github repository
668
VMScore
CVE-2021-37333
Laravel Booking System Booking Core 2.0 is vulnerable to Session Management. A password change at sandbox.bookingcore.org/user/profile/change-password does not invalidate a session that is opened in a different browser.
Bookingcore Booking Core 2.0
668
VMScore
CVE-2020-23790
An Arbitrary File Upload vulnerability exists in the Golo Laravel theme v 1.1.5.
Uxper Golo 1.1.5
668
VMScore
CVE-2021-21979
In Bitnami Containers, all Laravel container versions prior to: 6.20.0-debian-10-r107 for Laravel 6, 7.30.1-debian-10-r108 for Laravel 7 and 8.5.11-debian-10-r0 for Laravel 8, the file /tmp/app/.env is generated at the time that the docker image bitnami/laravel was built, and the...
Bitnami Containers 8.5.4-debian-10-r1
Bitnami Containers 8.5.2-debian-10-r1
Bitnami Containers
Bitnami Containers 6.19.0-debian-10-r0
Bitnami Containers 7.29.0-debian-10-r0
Bitnami Containers 7.30.0-debian-10-r0
Bitnami Containers 8.3.0-debian-10-r0
Bitnami Containers 8.5.2-debian-10-r0
Bitnami Containers 8.5.3-debian-10-r0
Bitnami Containers 8.5.4-debian-10-r0
1 Github repository
668
VMScore
CVE-2020-13909
The Ignition component prior to 2.0.5 for Laravel mishandles globals, _get, _post, _cookie, and _env. NOTE: in the 1.x series, versions 1.16.15 and later are unaffected as a consequence of the CVE-2021-43996 fix.
Facade Ignition
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »