Laravel

Framework

10 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Media report, Exploit
  • EPSS 0.02%
  • Published 10.03.2025 10:15:13
  • Last modified 24.03.2025 14:14:53

The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode error page.

Media report, Exploit
  • EPSS 0.04%
  • Published 10.03.2025 10:15:10
  • Last modified 24.03.2025 14:15:59

The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page.

  • EPSS 0.06%
  • Published 05.03.2025 19:15:39
  • Last modified 26.08.2025 17:13:57

Laravel is a web application framework. When using wildcard validation to validate a given file or image field (`files.*`), a user-crafted malicious request could potentially bypass the validation rules. This vulnerability is fixed in 11.44.1 and 12....

Warning
  • EPSS 17.25%
  • Published 12.11.2024 20:15:14
  • Last modified 26.08.2025 02:37:14

Laravel is a web application framework. When the register_argc_argv php directive is set to on, and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. The ...

  • EPSS 5.73%
  • Published 16.04.2024 23:15:08
  • Last modified 21.11.2024 09:07:55

An issue in Laravel Framework 8 through 11 might allow a remote attacker to discover database credentials in storage/logs/laravel.log. NOTE: this is disputed by multiple third parties because the owner of a Laravel Framework installation can choose t...

Exploit
  • EPSS 0.3%
  • Published 25.04.2023 19:15:10
  • Last modified 30.05.2025 19:06:45

The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in t...

Exploit
  • EPSS 4.29%
  • Published 20.12.2021 20:15:07
  • Last modified 21.11.2024 05:09:08

OS Command injection vulnerability in function link in Filesystem.php in Laravel Framework before 5.8.17.

Exploit
  • EPSS 0.36%
  • Published 08.12.2021 00:15:07
  • Last modified 21.11.2024 06:29:50

Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to anoth...

  • EPSS 50.07%
  • Published 14.11.2021 16:15:08
  • Last modified 21.11.2024 06:29:31

Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems ba...

Exploit
  • EPSS 0.3%
  • Published 28.03.2019 16:29:00
  • Last modified 21.11.2024 04:10:29

Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters.