162 matches found
PT-2024-10192 · Laravel · Laravel Pulse
Name of the Vulnerable Software and Affected Versions: Laravel Pulse versions prior to 1.3.1 Description: Laravel Pulse is a real-time application performance monitoring tool and dashboard for Laravel applications. A vulnerability exists in the public remember method within the...
Livewire Remote Code Execution on File Uploads
In livewire/livewire prior to v2.12.7 and v3.5.2, the file extension of an uploaded file is guessed based on the MIME type. As a result, the actual file extension from the file name is not validated. An attacker can therefore bypass the validation by uploading a file with a valid MIME type e.g.,...
GHSA-F3CX-396F-7JQP Livewire Remote Code Execution on File Uploads
In livewire/livewire prior to v2.12.7 and v3.5.2, the file extension of an uploaded file is guessed based on the MIME type. As a result, the actual file extension from the file name is not validated. An attacker can therefore bypass the validation by uploading a file with a valid MIME type e.g.,...
Insufficient Type Distinction
Overview livewire/livewire is an A front-end framework for Laravel. Affected versions of this package are vulnerable to Insufficient Type Distinction when validating uploaded files in the generateHashNameWithOriginalNameEmbedded function. An attacker can execute code by uploading a file with a...
CVE-2024-47823
Livewire is a full-stack framework for Laravel that allows for dynamic UI components without leaving PHP. In livewire/livewire prior to 2.12.7 and v3.5.2, the file extension of an uploaded file is guessed based on the MIME type. As a result, the actual file extension from the file name is not...
CVE-2024-47823
CVE-2024-47823 affects livewire/livewire (Laravel). In versions before 2.12.7 and 3.5.2, the uploaded file extension is inferred from MIME type, not from the original filename, enabling an attacker to bypass validation and potentially achieve RCE when a PHP file with a valid MIME type is uploaded...
CVE-2024-47823 Livewire Remote Code Execution (RCE) on File Uploads
Livewire is a full-stack framework for Laravel that allows for dynamic UI components without leaving PHP. In livewire/livewire prior to 2.12.7 and v3.5.2, the file extension of an uploaded file is guessed based on the MIME type. As a result, the actual file extension from the file name is not...
CVE-2024-47823 Livewire Remote Code Execution (RCE) on File Uploads
Livewire is a full-stack framework for Laravel that allows for dynamic UI components without leaving PHP. In livewire/livewire prior to 2.12.7 and v3.5.2, the file extension of an uploaded file is guessed based on the MIME type. As a result, the actual file extension from the file name is not...
CVE-2024-47823 Livewire Remote Code Execution (RCE) on File Uploads
Livewire is a full-stack framework for Laravel that allows for dynamic UI components without leaving PHP. In livewire/livewire prior to 2.12.7 and v3.5.2, the file extension of an uploaded file is guessed based on the MIME type. As a result, the actual file extension from the file name is not...
Livewire 输入验证错误漏洞
Livewire is Livewire open source a full stack framework for Laravel that allows you to build dynamic UI components without leaving PHP. An input validation error vulnerability exists in Livewire prior to version v3.5.2, which stems from unvalidated actual file extensions for filenames...
PT-2024-32835 · Unknown · Livewire/Livewire
Name of the Vulnerable Software and Affected Versions: livewire/livewire versions prior to 2.12.7 and v3.5.2 Description: The issue is related to insufficient validation of uploaded file extensions in the Livewire framework for Laravel. An attacker can bypass validation by uploading a file with a...
CVE-2024-45803
Wire UI is a library of components and resources to empower Laravel and Livewire application development. A potential Cross-Site Scripting XSS vulnerability has been identified in the /wireui/button endpoint, specifically through the label query parameter. Malicious actors could exploit this...
CVE-2024-45803 Cross site scripting (XSS) Vulnerability on route /wireui/button?label=Content in wireui
Wire UI is a library of components and resources to empower Laravel and Livewire application development. A potential Cross-Site Scripting XSS vulnerability has been identified in the /wireui/button endpoint, specifically through the label query parameter. Malicious actors could exploit this...
CVE-2024-45803
Wire UI (wireui/wireui) for Laravel/Livewire is affected by an XSS in the /wireui/button endpoint via the label query parameter. The input is not properly sanitized, allowing injected JavaScript to execute in the victim’s browser, with potential session hijacking, user impersonation, phishing, or...
CVE-2024-45803 Cross site scripting (XSS) Vulnerability on route /wireui/button?label=Content in wireui
Wire UI is a library of components and resources to empower Laravel and Livewire application development. A potential Cross-Site Scripting XSS vulnerability has been identified in the /wireui/button endpoint, specifically through the label query parameter. Malicious actors could exploit this...
Wire UI 安全漏洞
Wire UI is a component and repository of Wire UI open source. It is used to support Laravel and Livewire application development. Wire UI has a security vulnerability that stems from insufficient cleaning or escaping of user input. An attacker can exploit the vulnerability to inject malicious...
Data Leakage
livewire/livewire is vulnerable to Data Leakage. The vulnerability is caused by the $this-validate method not properly filtering the data before returning it, resulting in all properties of the Livewire component, including unvalidated data, being exposed...
Data Leakage Vulnerability in livewire/livewire
livewire/livewire versions greater than 2.2.4 and less than 2.2.6 are affected by a data leakage vulnerability. The $this-validate method, which is expected to return only the validated dataset, was returning all properties of the Livewire component. This regression introduced a security risk,...
GHSA-QWVP-268G-JJM8 Data Leakage Vulnerability in livewire/livewire
livewire/livewire versions greater than 2.2.4 and less than 2.2.6 are affected by a data leakage vulnerability. The $this-validate method, which is expected to return only the validated dataset, was returning all properties of the Livewire component. This regression introduced a security risk,...
Cross Site Scripting(XSS)
livewire/livewire is vulnerable to Cross-site Scripting XSS. The vulnerability is due to inadequate input sanitization, allowing attackers to inject malicious HTML code via crafted URLs...