Query Binding Exploitation

19 Jan 2021 19:36:51 | Reported by GitHub Advisory Database | Type: github | Source: github.com

Laravel versions <6.20.12, <7.30.3 and <8.22.1 contain a query binding exploitation vulnerability. If a request is crafted so that a field that is normally a non-array value is an array, and that input is not validated or cast to its expected type before being passed to the query builder, an unexpected number of query bindings can be added to the query. In some situations, this will simply lead to no results being returned by the query builder; however, it is possible that certain queries could be affected in a way that causes them to return unexpected results.
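The mitigation the description points to, validating or casting input to its expected type before it reaches the query builder, sketched as an added example (not code from Laravel or from the advisory). The function name `typedInput`, the schema format and the sample query strings are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not a Laravel API): coerce request input to the shapes
 * the query code expects before any value reaches a query builder.
 * $schema maps field => 'int' | 'string' | 'int[]' | 'string[]'.
 * A field declared scalar that arrives as an array is rejected, not flattened.
 */
function typedInput(array $input, array $schema): array
{
    $clean = [];
    foreach ($schema as $field => $type) {
        $value = $input[$field] ?? null;
        $isList = substr($type, -2) === '[]';
        if ($isList !== is_array($value)) {
            throw new InvalidArgumentException("$field: expected $type, got " . gettype($value));
        }
        $base = $isList ? substr($type, 0, -2) : $type;
        $items = [];
        foreach ($isList ? $value : [$value] as $item) {
            if ($base === 'int') {
                // Returns false for nulls, nested arrays and non-numeric strings.
                $item = filter_var($item, FILTER_VALIDATE_INT);
                if ($item === false) {
                    throw new InvalidArgumentException("$field: not an integer");
                }
            } elseif (!is_string($item)) {
                throw new InvalidArgumentException("$field: not a string");
            }
            $items[] = $item;
        }
        $clean[$field] = $isList ? $items : $items[0];
    }
    return $clean;
}

// Constructed sample input: PHP turns "id[]=..." into an array for field "id".
$schema = ['id' => 'int', 'email' => 'string', 'tags' => 'int[]'];
$requests = [
    'expected' => 'id=42&email=a%40example.test&tags[]=1&tags[]=2',
    'crafted'  => 'id[]=1&id[]=2&email=a%40example.test&tags[]=1',
];
foreach ($requests as $label => $queryString) {
    parse_str($queryString, $input);
    try {
        echo $label, ': ', json_encode(typedInput($input, $schema)), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo $label, ': rejected, ', $e->getMessage(), PHP_EOL;
    }
}
```

Only the values returned by `typedInput` would be handed to the query builder; fields that legitimately carry lists are declared as such in the schema so they are not confused with scalar fields.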

Related

| Reporter | Title | Published | Family |
| --- | --- | --- | --- |
| Circl | CVE-2021-21263 | 19 Jan 2021 22:25 | circl |
| CNNVD | Laravel Framework SQL Injection Vulnerability | 19 Jan 2021 00:00 | cnnvd |
| CVE | CVE-2021-21263 | 19 Jan 2021 19:40 | cve |
| Cvelist | CVE-2021-21263 Query Binding Exploitation in Laravel | 19 Jan 2021 19:40 | cvelist |
| Debian CVE | CVE-2021-21263 | 19 Jan 2021 19:40 | debiancve |
| EUVD | EUVD-2021-0484 | 7 Oct 2025 00:30 | euvd |
| Friends Of PHP | Unexpected bindings in QueryBuilder | 13 Jan 2020 14:35 | friendsofphp |
| NVD | CVE-2021-21263 | 19 Jan 2021 20:15 | nvd |
| OSV | BIT-LARAVEL-2021-21263 Query Binding Exploitation in Laravel | 6 Mar 2024 10:55 | osv |

Vulners Node

| Package | Range | Ecosystem |
| --- | --- | --- |
| laravel/framework | 7.0.0 - 7.30.2 | composer |
| laravel/framework | 6.0.0 - 6.20.11 | composer |
| illuminate/database | 6.0.0 - 6.20.12 | composer |
| illuminate/database | 8.0.0 - 8.22.1 | composer |
| illuminate/database | 7.0.0 - 7.30.3 | composer |
| laravel/framework | 8.0.0 - 8.22.1 | composer |

(The rows are alternatives, joined by OR.)

15 Feb 2024 05:07 (Current)
Vulners AI Score: 0.5 (Low risk)
CVSS 2: 5
CVSS 3.1: 5.3 - 7.2
EPSS: 0.01139