16 matches found
Laravel Framework < 5.5.41 / 5.6.x < 5.6.30 RCE
The version of Laravel Framework installed of the remote host is prior to 5.5.41 or 5.6.x prior to 5.6.30. It is, therefore, affected by a remote code execution vulnerability due to an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in...
Cross-Site Request Forgery
axios is vulnerable to Cross-Site Request Forgery. The vulnerability is due to the xhr.js setting config.withCredentials to true which enables the sending of a confidential XSRF-TOKEN cookie within the X-XSRF-TOKEN HTTP header for all requests. This allows attackers to view sensitive information...
GHSA-QVQM-H22R-4CP9 Laravel Framework RCE Vulnerability
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in...
Laravel Framework RCE Vulnerability
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in...
CVE-2020-28452
This affects the package com.softwaremill.akka-http-session:core2.12 from 0 and before 0.6.1; all versions of package com.softwaremill.akka-http-session:core2.11; the package com.softwaremill.akka-http-session:core2.13 from 0 and before 0.6.1. CSRF protection can be bypassed by forging a request...
CVE-2020-28452 Cross-site Request Forgery (CSRF)
This affects the package com.softwaremill.akka-http-session:core2.12 from 0 and before 0.6.1; all versions of package com.softwaremill.akka-http-session:core2.11; the package com.softwaremill.akka-http-session:core2.13 from 0 and before 0.6.1. CSRF protection can be bypassed by forging a request...
CVE-2020-7780 Cross-site Request Forgery (CSRF)
This affects the package com.softwaremill.akka-http-session:core2.13 before 0.5.11; the package com.softwaremill.akka-http-session:core2.12 before 0.5.11; the package com.softwaremill.akka-http-session:core2.11 before 0.5.11. For older versions, endpoints protected by randomTokenCsrfProtection...
PHP Laravel Framework Token Unserialize Remote Command Execution Exploit
This Metasploit module exploits a vulnerability in the PHP Laravel Framework for versions 5.5.40, 5.6.x up to 5.6.29. Remote command execution is possible via a correctly formatted HTTP X-XSRF-TOKEN header, due to an insecure unserialize call of the decrypt method in...
PHP Laravel Framework token Unserialize Remote Command Execution
This module exploits a vulnerability in the PHP Laravel Framework for versions 5.5.40, 5.6.x 'PHP Laravel Framework token Unserialize Remote Command Execution', 'Description' = %q This module exploits a vulnerability in the PHP Laravel Framework for versions 5.5.40, 5.6.x = 5.6.29. Remote Command...
Laravel framework remote code execution vulnerability
Laravel framework is a set of simple , elegant PHP Web development framework. A remote code execution vulnerability exists in Laravel framework versions 5.5.40 and earlier and versions 5.6.x through 5.6.29. The vulnerability stems from an unserialized call to an untrusted X-XSRF-TOKEN value. An...
CVE-2018-15133
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in...
CVE-2018-15133
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in...
Remote code execution
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in...
CVE-2018-15133
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in...
CVE-2018-15133
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in...
Laravel Framework Unserialize Token RCE (CVE-2018-15133)
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in...