Lucene search
K

162 matches found

Positive Technologies
Positive Technologies
added 2024/10/12 12:0 a.m.8 views

PT-2024-10192 · Laravel · Laravel Pulse

Name of the Vulnerable Software and Affected Versions: Laravel Pulse versions prior to 1.3.1 Description: Laravel Pulse is a real-time application performance monitoring tool and dashboard for Laravel applications. A vulnerability exists in the public remember method within the...

9.3CVSS7.5AI score0.28571EPSS
Exploits3References20
Github Security Blog
Github Security Blog
added 2024/10/08 10:19 p.m.24 views

Livewire Remote Code Execution on File Uploads

In livewire/livewire prior to v2.12.7 and v3.5.2, the file extension of an uploaded file is guessed based on the MIME type. As a result, the actual file extension from the file name is not validated. An attacker can therefore bypass the validation by uploading a file with a valid MIME type e.g.,...

9.8CVSS6.4AI score0.00846EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2024/10/08 10:19 p.m.103 views

GHSA-F3CX-396F-7JQP Livewire Remote Code Execution on File Uploads

In livewire/livewire prior to v2.12.7 and v3.5.2, the file extension of an uploaded file is guessed based on the MIME type. As a result, the actual file extension from the file name is not validated. An attacker can therefore bypass the validation by uploading a file with a valid MIME type e.g.,...

7.7CVSS6.3AI score0.00846EPSS
Exploits1References6
Snyk
Snyk
added 2024/10/08 6:43 p.m.3 views

Insufficient Type Distinction

Overview livewire/livewire is an A front-end framework for Laravel. Affected versions of this package are vulnerable to Insufficient Type Distinction when validating uploaded files in the generateHashNameWithOriginalNameEmbedded function. An attacker can execute code by uploading a file with a...

9.8CVSS7AI score0.00846EPSS
Exploits1References2
NVD
NVD
added 2024/10/08 6:15 p.m.59 views

CVE-2024-47823

Livewire is a full-stack framework for Laravel that allows for dynamic UI components without leaving PHP. In livewire/livewire prior to 2.12.7 and v3.5.2, the file extension of an uploaded file is guessed based on the MIME type. As a result, the actual file extension from the file name is not...

9.8CVSS0.00846EPSS
Exploits1References4
CVE
CVE
added 2024/10/08 5:48 p.m.90 views

CVE-2024-47823

CVE-2024-47823 affects livewire/livewire (Laravel). In versions before 2.12.7 and 3.5.2, the uploaded file extension is inferred from MIME type, not from the original filename, enabling an attacker to bypass validation and potentially achieve RCE when a PHP file with a valid MIME type is uploaded...

9.8CVSS6.3AI score0.00846EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2024/10/08 5:48 p.m.65 views

CVE-2024-47823 Livewire Remote Code Execution (RCE) on File Uploads

Livewire is a full-stack framework for Laravel that allows for dynamic UI components without leaving PHP. In livewire/livewire prior to 2.12.7 and v3.5.2, the file extension of an uploaded file is guessed based on the MIME type. As a result, the actual file extension from the file name is not...

7.7CVSS0.00846EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/10/08 5:48 p.m.14 views

CVE-2024-47823 Livewire Remote Code Execution (RCE) on File Uploads

Livewire is a full-stack framework for Laravel that allows for dynamic UI components without leaving PHP. In livewire/livewire prior to 2.12.7 and v3.5.2, the file extension of an uploaded file is guessed based on the MIME type. As a result, the actual file extension from the file name is not...

7.7CVSS6.3AI score0.00846EPSS
Exploits1References4
OSV
OSV
added 2024/10/08 5:48 p.m.28 views

CVE-2024-47823 Livewire Remote Code Execution (RCE) on File Uploads

Livewire is a full-stack framework for Laravel that allows for dynamic UI components without leaving PHP. In livewire/livewire prior to 2.12.7 and v3.5.2, the file extension of an uploaded file is guessed based on the MIME type. As a result, the actual file extension from the file name is not...

7.7CVSS6.6AI score0.00846EPSS
Exploits1References6
CNNVD
CNNVD
added 2024/10/08 12:0 a.m.43 views

Livewire 输入验证错误漏洞

Livewire is Livewire open source a full stack framework for Laravel that allows you to build dynamic UI components without leaving PHP. An input validation error vulnerability exists in Livewire prior to version v3.5.2, which stems from unvalidated actual file extensions for filenames...

9.8CVSS6.5AI score0.00846EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/10/08 12:0 a.m.12 views

PT-2024-32835 · Unknown · Livewire/Livewire

Name of the Vulnerable Software and Affected Versions: livewire/livewire versions prior to 2.12.7 and v3.5.2 Description: The issue is related to insufficient validation of uploaded file extensions in the Livewire framework for Laravel. An attacker can bypass validation by uploading a file with a...

9.8CVSS7.9AI score0.00846EPSS
Exploits1References21
NVD
NVD
added 2024/09/17 7:15 p.m.34 views

CVE-2024-45803

Wire UI is a library of components and resources to empower Laravel and Livewire application development. A potential Cross-Site Scripting XSS vulnerability has been identified in the /wireui/button endpoint, specifically through the label query parameter. Malicious actors could exploit this...

6.1CVSS0.00392EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/09/17 6:22 p.m.13 views

CVE-2024-45803 Cross site scripting (XSS) Vulnerability on route /wireui/button?label=Content in wireui

Wire UI is a library of components and resources to empower Laravel and Livewire application development. A potential Cross-Site Scripting XSS vulnerability has been identified in the /wireui/button endpoint, specifically through the label query parameter. Malicious actors could exploit this...

5.1CVSS5.6AI score0.00392EPSS
Exploits0References3
CVE
CVE
added 2024/09/17 6:22 p.m.47 views

CVE-2024-45803

Wire UI (wireui/wireui) for Laravel/Livewire is affected by an XSS in the /wireui/button endpoint via the label query parameter. The input is not properly sanitized, allowing injected JavaScript to execute in the victim’s browser, with potential session hijacking, user impersonation, phishing, or...

6.1CVSS5.8AI score0.00392EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/09/17 6:22 p.m.44 views

CVE-2024-45803 Cross site scripting (XSS) Vulnerability on route /wireui/button?label=Content in wireui

Wire UI is a library of components and resources to empower Laravel and Livewire application development. A potential Cross-Site Scripting XSS vulnerability has been identified in the /wireui/button endpoint, specifically through the label query parameter. Malicious actors could exploit this...

5.1CVSS0.00392EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/09/17 12:0 a.m.4 views

Wire UI 安全漏洞

Wire UI is a component and repository of Wire UI open source. It is used to support Laravel and Livewire application development. Wire UI has a security vulnerability that stems from insufficient cleaning or escaping of user input. An attacker can exploit the vulnerability to inject malicious...

6.1CVSS6.5AI score0.00392EPSS
Exploits0References4
Veracode
Veracode
added 2024/05/16 7:2 a.m.8 views

Data Leakage

livewire/livewire is vulnerable to Data Leakage. The vulnerability is caused by the $this-validate method not properly filtering the data before returning it, resulting in all properties of the Livewire component, including unvalidated data, being exposed...

7AI score
Exploits0
Github Security Blog
Github Security Blog
added 2024/05/15 10:28 p.m.10 views

Data Leakage Vulnerability in livewire/livewire

livewire/livewire versions greater than 2.2.4 and less than 2.2.6 are affected by a data leakage vulnerability. The $this-validate method, which is expected to return only the validated dataset, was returning all properties of the Livewire component. This regression introduced a security risk,...

7AI score
Exploits0References4Affected Software1
OSV
OSV
added 2024/05/15 10:28 p.m.24 views

GHSA-QWVP-268G-JJM8 Data Leakage Vulnerability in livewire/livewire

livewire/livewire versions greater than 2.2.4 and less than 2.2.6 are affected by a data leakage vulnerability. The $this-validate method, which is expected to return only the validated dataset, was returning all properties of the Livewire component. This regression introduced a security risk,...

7AI score
Exploits0References4
Veracode
Veracode
added 2024/03/21 8:22 a.m.22 views

Cross Site Scripting(XSS)

livewire/livewire is vulnerable to Cross-site Scripting XSS. The vulnerability is due to inadequate input sanitization, allowing attackers to inject malicious HTML code via crafted URLs...

6.1CVSS6.5AI score0.00516EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder