CVE-2021-21263

Published: 19/01/2021 | Updated: 19/10/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 445
CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

Laravel is a web application framework. Versions of Laravel prior to 6.20.11, 7.30.2 and 8.22.1 contain a query binding vulnerability. The same issue affects the illuminate/database package, which Laravel uses. If a request is crafted so that a field that is normally a non-array value is sent as an array, and that input is not validated or cast to its expected type before being passed to the query builder, an unexpected number of query bindings is added to the query. In some situations this simply leads to no results being returned by the query builder; however, certain queries can be affected in a way that causes them to return unexpected results. Validating or casting request fields before they reach the query builder mitigates the issue; upgrading to 6.20.11, 7.30.2 or 8.22.1 (or later) resolves it.
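The mechanism in the summary, as an added example that is not part of this page or of the Laravel project: the builder always emits one "?" per where() clause, but a vulnerable release adds one binding per array element, so the binding list and the placeholder list stop lining up. The example is written in Python against an in-memory sqlite3 database so that it runs stand-alone; the Builder class is a simplified stand-in for Illuminate's query builder (its "fixed" branch is modelled on the post-fix behaviour of keeping only the first flattened element; an empty array becomes NULL here), and the users table, the tenant-scoped lookup endpoint and the inputs are all constructed for the demonstration. It covers both outcomes the advisory names: a binding count the database rejects (modelled as "no results"), and a count that happens to line up again because a second field is sent as an empty array, which slides the server-supplied tenant_id into the wrong placeholder and returns another tenant's row.

```python
import sqlite3
from typing import Any, List, Optional

# Constructed sample data (not from the advisory): one users table shared by
# several tenants. Columns: id, email, tenant_id, active
ROWS = [
    (1, "alice@example.com", 1, 1),
    (2, "alice@example.com", 2, 1),
    (3, "bob@example.com", 1, 0),
]


def _db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, email TEXT, tenant_id INTEGER, active INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", ROWS)
    return conn


def _flatten(value: Any) -> List[Any]:
    """Recursive flatten, standing in for Illuminate's Arr::flatten()."""
    if not isinstance(value, list):
        return [value]
    out: List[Any] = []
    for item in value:
        out.extend(_flatten(item))
    return out


class Builder:
    """Toy stand-in for Illuminate's Query\\Builder (assumed, simplified).

    where() always emits exactly one '?' placeholder; only the binding list
    differs between the vulnerable and the fixed behaviour.
    """

    def __init__(self, table: str, fixed: bool) -> None:
        self.table, self.fixed = table, fixed
        self.wheres: List[str] = []
        self.bindings: List[Any] = []

    def where(self, column: str, value: Any) -> "Builder":
        self.wheres.append(f"{column} = ?")
        if isinstance(value, list):
            if self.fixed:
                # Fixed releases collapse an array to a single binding
                # (modelled here as the first flattened element, NULL if empty).
                flat = _flatten(value)
                self.bindings.append(flat[0] if flat else None)
            else:
                # Vulnerable releases merge every element into the binding list,
                # so one placeholder can receive zero, one or many bindings.
                self.bindings.extend(value)
        else:
            self.bindings.append(value)
        return self

    def to_sql(self) -> str:
        return f"SELECT id FROM {self.table} WHERE " + " AND ".join(self.wheres)

    def get(self, conn: sqlite3.Connection) -> List[int]:
        return [row[0] for row in conn.execute(self.to_sql(), self.bindings)]


def lookup(email_input: Any, active_input: Any, session_tenant: int = 1,
           fixed: bool = False) -> Optional[List[int]]:
    """Hypothetical endpoint: email and active come from the request, tenant_id
    from the session. Returns matching ids, or None when the database rejects
    the statement because the binding count no longer matches the placeholders
    (sqlite3 raises ProgrammingError; PDO raises a QueryException in Laravel)."""
    query = (Builder("users", fixed)
             .where("email", email_input)
             .where("tenant_id", session_tenant)
             .where("active", active_input))
    try:
        return query.get(_db())
    except sqlite3.ProgrammingError:
        return None


def is_scalar_input(value: Any) -> bool:
    """Application-side mitigation the advisory describes: reject (or cast)
    array input before it reaches the builder, like a 'string' validation rule."""
    return not isinstance(value, (list, dict))


if __name__ == "__main__":
    print("scalar input          ->", lookup("alice@example.com", 1))
    print("array, count mismatch ->", lookup(["alice@example.com", 2], 1))
    print("array, count realigns ->", lookup(["alice@example.com", 2], []))
    print("same input, fixed     ->", lookup(["alice@example.com", 2], [], fixed=True))
```

With email sent as ["alice@example.com", 2] and active as [], the vulnerable builder binds ('alice@example.com', 2, 1) to "email = ? AND tenant_id = ? AND active = ?": the attacker's 2 lands in the tenant_id slot and the session's tenant 1 lands in active, so tenant 2's record is returned. The fixed builder binds ('alice@example.com', 1, NULL) and returns nothing; rejecting the array up front with is_scalar_input() (or a validation rule) avoids reaching the builder at all.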

Vulnerable Product

laravel / laravel (vendor / product)

Github Repositories

CTF produced for Sourcetoad Q4 2021

Sourcetoad CTF 2021. Produced by @iBotPeaches (Connor Tumbleson) for a Q4 2021 Engineer challenge. Originally hosted on CTFd.io with a combination of some t3.nano instances on AWS. Most puzzles were simple index.html files leading to assets/images/files. Complex puzzles leveraged the services feature of CTFd to deploy a Docker image. Completed on December 3, 2021 at Sourcetoad w