4 matches found
CVE-2024-52301
CVE-2024-52301 affects the Laravel framework. When the PHP directive register_argc_argv is on, a crafted query string can alter the request-handling environment on non-cli SAPIs. This article notes the fix: Laravel now ignores argv values for environment detection on non-cli SAPIs, and the vulner...
CVE-2025-27515
CVE-2025-27515 affects Laravel: wildcard file/image validation (files.*) can bypass rules during upload. Root cause is improper handling of array-based uploads, enabling a user-controlled bypass. Fixed in Laravel releases 11.44.1 and 12.1.1. A PoC exploiting a wildcard validation bypass exists in...
CVE-2020-19316
The CVE-2020-19316 entry describes an OS command injection in Laravel Framework’s Filesystem.php, specifically in the link() function, affecting versions before 5.8.17. Evidence from multiple sources confirms the vulnerability affects Laravel’s file linking logic, enabling an attacker to inject a...
CVE-2021-43808
Technical details on CVE-2021-43808 are not publicly available in the provided connected documents. Monitor for updates.