Lucene search
K
LaravelFramework

9 matches found

CVE
CVE
added 2024/11/12 7:32 p.m.481 views

CVE-2024-52301

CVE-2024-52301 affects the Laravel framework. When the PHP directive register_argc_argv is on, a crafted query string can alter the request-handling environment on non-cli SAPIs. This article notes the fix: Laravel now ignores argv values for environment detection on non-cli SAPIs, and the vulner...

8.7CVSS6.8AI score0.37981EPSS
CVE
CVE
added 2025/03/05 6:45 p.m.226 views

CVE-2025-27515

CVE-2025-27515 affects Laravel: wildcard file/image validation (files.*) can bypass rules during upload. Root cause is improper handling of array-based uploads, enabling a user-controlled bypass. Fixed in Laravel releases 11.44.1 and 12.1.1. A PoC exploiting a wildcard validation bypass exists in...

9.8CVSS7AI score0.00685EPSS
CVE
CVE
added 2025/03/10 10:3 a.m.172 views

CVE-2024-13919

The CVE-2024-13919 entry concerns Laravel framework versions 11.9.0 to 11.35.1, which are vulnerable to reflected cross-site scripting due to improper encoding of route parameters on the debug-mode error page. Affected component: Laravel routing/debug-mode error page handling. Root cause (as stat...

8CVSS6.4AI score0.00509EPSS
CVE
CVE
added 2021/11/14 3:32 p.m.138 views

CVE-2021-43617

CVE-2021-43617 affects Laravel Framework up to 8.70.2. Root cause: Illuminate/Validation/Concerns/ValidatesAttributes.php does not check for .phar files, which Debian systems treat as application/x-httpd-php, enabling executable PHP content uploads in some scenarios. Debian project references sho...

9.8CVSS9.4AI score0.1981EPSS
CVE
CVE
added 2021/12/20 7:36 p.m.120 views

CVE-2020-19316

The CVE-2020-19316 entry describes an OS command injection in Laravel Framework’s Filesystem.php, specifically in the link() function, affecting versions before 5.8.17. Evidence from multiple sources confirms the vulnerability affects Laravel’s file linking logic, enabling an attacker to inject a...

8.8CVSS8.8AI score0.02523EPSS
CVE
CVE
added 2021/12/07 10:20 p.m.114 views

CVE-2021-43808

Technical details on CVE-2021-43808 are not publicly available in the provided connected documents. Monitor for updates.

6.1CVSS5.4AI score0.00799EPSS
CVE
CVE
added 2025/03/10 10:2 a.m.99 views

CVE-2024-13918

CVE-2024-13918 (Laravel) affects Laravel framework versions 11.9.0 through 11.35.1, where a reflected cross-site scripting vulnerability arises from improper encoding of request parameters in the debug-mode error page. The root cause is the failure to encoding user input on the debug error page, ...

8CVSS6.4AI score0.00575EPSS
CVE
CVE
added 2023/04/25 12:0 a.m.95 views

CVE-2022-40482

The CVE-2022-40482 issue affects Laravel 8.x–9.x prior to 9.32.0. The vulnerability arises in the authentication path where hasValidCredentials in Illuminate\Auth\SessionGuard may return early when a user does not exist, enabling timeless timing attacks over HTTP/2 multiplexing and potential user...

5.3CVSS5.3AI score0.00881EPSS
CVE
CVE
added 2019/03/28 3:41 p.m.80 views

CVE-2018-6330

CVE-2018-6330 affects Laravel 5.4.15 and is described as an error-based SQL injection in save.php that can be triggered via the dhx_user and dhx_version parameters. The connected records consistently identify this as a Laravel SQL injection vulnerability in version 5.4.15, caused by improper hand...

8.8CVSS9AI score0.01607EPSS