Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
laravel laravel vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-22859
Cross-Site Request Forgery (CSRF) vulnerability in livewire before v3.0.4, allows remote malicious users to execute arbitrary code getCsrfToken function. NOTE: the vendor disputes this because the 5d88731 commit fixes a usability problem (HTTP 419 status codes for legitimate clie...
Laravel Livewire
6.5
CVSSv2
CVE-2020-10963
FrozenNode Laravel-Administrator up to and including 5.0.12 allows unrestricted file upload (and consequently Remote Code Execution) via admin/tips_image/image/file_upload image upload with PHP content within a GIF image that has the .php extension. NOTE: this product is disconti...
Frozennode Laravel-administrator
1 Github repository
6.5
CVSSv2
CVE-2018-6330
Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters.
Laravel Framework 5.4.15
6.5
CVSSv2
CVE-2021-23814
This affects the package unisharp/laravel-filemanager from 0.0.0. The upload() function does not sufficiently validate the file type when uploading. An attacker may be able to reproduce the following steps: - Install a package with a web Laravel application. - Navigate to the Upl...
Unisharp Laravel-filemanager
NA
CVE-2022-40734
UniSharp laravel-filemanager (aka Laravel Filemanager) prior to 2.6.4 allows download?working_dir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022. This is related to league/flysystem prior to 2.0.0.
Unisharp Laravel Filemanager
10
CVSSv2
CVE-2021-45040
The Spatie media-library-pro library up to and including 1.17.10 and 2.x up to and including 2.1.6 for Laravel allows remote malicious users to upload executable files via the uploads route.
Spatie Laravel Media Library
NA
CVE-2022-38080
Reflected cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and previous versions and exceedone/laravel-admin v3.0.0 and previous versions, (PHP7) exceedone/exment v4.4.2 and previous versions and exceedone/laravel-admin v2.2.2 and previous versions) al...
Exceedone Exment
Exceedone Laravel-admin
NA
CVE-2022-37333
SQL injection vulnerability in the Exment ((PHP8) exceedone/exment v5.0.2 and previous versions and exceedone/laravel-admin v3.0.0 and previous versions, (PHP7) exceedone/exment v4.4.2 and previous versions and exceedone/laravel-admin v2.2.2 and previous versions) allows remote a...
Exceedone Exment
Exceedone Laravel-admin
NA
CVE-2022-38089
Stored cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and previous versions and exceedone/laravel-admin v3.0.0 and previous versions, (PHP7) exceedone/exment v4.4.2 and previous versions and exceedone/laravel-admin v2.2.2 and previous versions) allow...
Exceedone Exment
Exceedone Laravel-admin
NA
CVE-2024-29291
An issue in Laravel Framework 8 through 11 might allow a remote malicious user to discover database credentials in storage/logs/laravel.log. NOTE: this is disputed by multiple third parties because the owner of a Laravel Framework installation can choose to have debugging logs, b...
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »