EUVD-2026-26669

SQL Injection via ORDER BY clause in V2Board thru 1.7.4. In app/Http/Controllers/Admin/UserController.php, the sort parameter from user input is passed directly to User::orderBy$sort, $sortType without validation. An authenticated admin can sort users by any database column including password,...

PT-2024-40392 · Laravel · Laravel

Name of the Vulnerable Software and Affected Versions: Laravel versions prior to 4.1.26 Description: The issue concerns the security of "remember me" cookies. If a remember cookie was hijacked by another malicious user, the cookie would remain valid for a long period of time, even after the true...