9 matches found
CVE-2025-66509
LaraDashboard is an all-In-one solution to start a Laravel Application. In 2.3.0 and earlier, the password reset flow trusts the Host header, allowing attackers to redirect the administrator’s reset token to an attacker-controlled server. This can be combined with the module installation process ...
CVE-2025-66509
LaraDashboard is an all-In-one solution to start a Laravel Application. In 2.3.0 and earlier, the password reset flow trusts the Host header, allowing attackers to redirect the administrator’s reset token to an attacker-controlled server. This can be combined with the module installation process ...
CVE-2025-66509 LaraDashboard: 1-Click Pre-Auth RCE via Host Header + Module Installation Chain
LaraDashboard is an all-In-one solution to start a Laravel Application. In 2.3.0 and earlier, the password reset flow trusts the Host header, allowing attackers to redirect the administrator’s reset token to an attacker-controlled server. This can be combined with the module installation process ...
CVE-2025-66509 LaraDashboard: 1-Click Pre-Auth RCE via Host Header + Module Installation Chain
LaraDashboard is an all-In-one solution to start a Laravel Application. In 2.3.0 and earlier, the password reset flow trusts the Host header, allowing attackers to redirect the administrator’s reset token to an attacker-controlled server. This can be combined with the module installation process ...
CVE-2025-66509 LaraDashboard: 1-Click Pre-Auth RCE via Host Header + Module Installation Chain
LaraDashboard is an all-In-one solution to start a Laravel Application. In 2.3.0 and earlier, the password reset flow trusts the Host header, allowing attackers to redirect the administrator’s reset token to an attacker-controlled server. This can be combined with the module installation process ...
EUVD-2025-201292
LaraDashboard is an all-In-one solution to start a Laravel Application. In 2.3.0 and earlier, the password reset flow trusts the Host header, allowing attackers to redirect the administrator’s reset token to an attacker-controlled server. This can be combined with the module installation process ...
CVE-2025-66509
LaraDashboard vulnerability CVE-2025-66509 affects version 2.3.0 and earlier. The password reset flow trusts the Host header, enabling an attacker to redirect the administrator’s reset token to a remote server. When combined with the module installation process, this can trigger ServiceProvider::...
laradashboard 访问控制错误漏洞
laradashboard is a content management system from Lara Dashboard open source. An access control error vulnerability exists in laradashboard version 2.3.0 and earlier, which stems from the password reset process trusting the Host header, which could result in the reset token being redirected to an...
PT-2025-49169
Name of the Vulnerable Software and Affected Versions LaraDashboard versions prior to 2.3.0 Description LaraDashboard, an all-in-one solution for starting a Laravel Application, has an issue in the password reset flow where it trusts the Host header. This allows attackers to redirect an...