28 matches found
EUVD-2021-0484
Malware in sbrugna...
CVE-2021-21263
Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a non-array value is an...
BIT-LARAVEL-2021-21263 Query Binding Exploitation in Laravel
Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a non-array value is an...
CVE-2023-29931
laravel-s 3.7.35 is vulnerable to Local File Inclusion via /src/Illuminate/Laravel.php...
CVE-2022-40482
The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\Auth\SessionGuard class when a us...
[H-05] Not minting iPTs for lenders in several lend functions
Lines of code Vulnerability details Impact Using any of the lend function mentioned, will result in loss of funds to the lender - as the funds are transferred from them but no iPTs are sent back to them! Basically making lending via these external PTs unusable. Proof of Concept There is no mintin...
Illuminate PT redeeming do not return underlying to a user
Lines of code Vulnerability details In the second step of two step redeeming process, the underlying funds should be located in the Redeemer contract as external system burned the shares the Redeemer obtained from the Lender contract and returned underlying to Redeemer. Then Redeemer's Illuminate...
Illuminate PT redeeming allows for burning from other accounts
Lines of code Vulnerability details Illuminate PT burns shares from a user supplied address account instead of user's account. With such a discrepancy a malicious user can burn all other's user shares by having the necessary shares on her balance, while burning them from everyone else. Setting th...
Sense AMM address can be manipulated, allowing unlimited mint of principal tokens
Lines of code Vulnerability details Lender's lend for Sense uses ISensex.swapUnderlyingForPTs output to determine the Illuminate PT amount to be minted for the user. x is a user supplied and not verified address, which can be precooked by a malicious user to return any inflated amount, that will ...
Forgot to mint Illuminate zcTokens for Element
Lines of code Vulnerability details function lend uint8 p, address u, uint256 m, uint256 a, uint256 r, uint256 d, address e, bytes32 i public unpausedp returns uint256 // Get the principal token for this market for element address principal = IMarketPlacemarketPlace.marketsu, m, p; // the element...
User to lose all the funds when lend() to Swivel
Lines of code Vulnerability details function lend uint8 p, address u, uint256 m, uint256 memory a, address y, Swivel.Order calldata o, Swivel.Components calldata s public unpausedp returns uint256 // lent represents the number of underlying tokens lent uint256 lent; // returned represents the...
No minting done in the Element version of lend function, user funds are frozen within the system
Lines of code Vulnerability details Lender's Element lend transfers the funds from a user, opens the position with Element, but fails to mint a corresponding Illuminate position to a user. Setting severity to be high as there is no account of user investment is effectively created, so there is no...
GHSA-VV7Q-MFPC-QGM5 Unserialized Pop Chain in Laravel
Withdrawn This advisory has been withdrawn because it is not a security issue and the CVE has been revoked. Original Description Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution RCE via an unserialized pop chain in destruct in...
Laravel Framework Deserialization Vulnerability
The Illuminate component of Laravel Framework 5.7.x has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the destruct method of the PendingCommand class in PendingCommand.php...
Laravel Framework RCE Vulnerability
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in...
SQL Server LIMIT / OFFSET SQL Injection in laravel/framework and illuminate/database
Impact Those using SQL Server with Laravel and allowing user input to be passed directly to the limit and offset functions are vulnerable to SQL injection. Other database drivers such as MySQL and Postgres are not affected by this vulnerability. Patches This problem has been patched on Laravel...
Query Binding Exploitation
illuminate/database is vulnerable to query binding exploitation. The vulnerability exists through the lack of control on the expected bindings in the Query Builder. This vulnerability is related to CVE-2021-21263. The fix addresses several edge cases...
CVE-2021-21263
Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a non-array value is an...
CVE-2021-21263
Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a non-array value is an...
DEBIAN-CVE-2021-21263
Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a non-array value is an...