Vulnerabilites related to laravel - framework
Vulnerability from fkie_nvd
Published
2019-03-28 16:29
Modified
2024-11-21 04:10
Severity ?
Summary
Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.itblog.gbonanno.de/cve-2018-6330-laravel-sql-injection/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/laravel/framework/blob/5.4/CHANGELOG-5.4.md | Product, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.itblog.gbonanno.de/cve-2018-6330-laravel-sql-injection/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/laravel/framework/blob/5.4/CHANGELOG-5.4.md | Product, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:laravel:framework:5.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "22501CD0-D334-4C89-AF9F-A742D11CAED1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters."
},
{
"lang": "es",
"value": "Laravel, en su versi\u00f3n 5.4.15, es vulnerable a inyecci\u00f3n SQL basada en errores en save.php mediante los par\u00e1metros dhx_user y dhx_version."
}
],
"id": "CVE-2018-6330",
"lastModified": "2024-11-21T04:10:29.810",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-28T16:29:00.487",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://www.itblog.gbonanno.de/cve-2018-6330-laravel-sql-injection/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://github.com/laravel/framework/blob/5.4/CHANGELOG-5.4.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://www.itblog.gbonanno.de/cve-2018-6330-laravel-sql-injection/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://github.com/laravel/framework/blob/5.4/CHANGELOG-5.4.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-03-05 19:15
Modified
2025-08-26 17:13
Severity ?
Summary
Laravel is a web application framework. When using wildcard validation to validate a given file or image field (`files.*`), a user-crafted malicious request could potentially bypass the validation rules. This vulnerability is fixed in 11.44.1 and 12.1.1.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:laravel:framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3435AC4E-7552-44D8-9D74-2B41A0BC4735",
"versionEndExcluding": "11.44.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laravel:framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2421074-5F7E-4052-8AEE-695FB4873A8D",
"versionEndExcluding": "12.1.1",
"versionStartIncluding": "12.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Laravel is a web application framework. When using wildcard validation to validate a given file or image field (`files.*`), a user-crafted malicious request could potentially bypass the validation rules. This vulnerability is fixed in 11.44.1 and 12.1.1."
},
{
"lang": "es",
"value": "Laravel es un framework de trabajo para aplicaciones web. Al utilizar la validaci\u00f3n con comodines para validar un campo de archivo o imagen determinado (`files.*`), una solicitud maliciosa manipulada por el usuario podr\u00eda eludir las reglas de validaci\u00f3n. Esta vulnerabilidad se ha corregido en las versiones 11.44.1 y 12.1.1."
}
],
"id": "CVE-2025-27515",
"lastModified": "2025-08-26T17:13:57.603",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-03-05T19:15:39.483",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/laravel/framework/commit/2d133034fefddfb047838f4caca3687a3ba811a5"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/laravel/framework/security/advisories/GHSA-78fx-h6xr-vch4"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-155"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-03-10 10:15
Modified
2025-03-24 14:14
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode error page.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:laravel:framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2A8A0BE-A7AA-4DA2-8A67-227CBBA94C18",
"versionEndExcluding": "11.36.0",
"versionStartIncluding": "11.9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode error page."
},
{
"lang": "es",
"value": "Las versiones del framework Laravel entre 11.9.0 y 11.35.1 son susceptibles a cross-site scripting reflejado debido a una codificaci\u00f3n incorrecta de los par\u00e1metros de ruta en la p\u00e1gina de error del modo de depuraci\u00f3n."
}
],
"id": "CVE-2024-13919",
"lastModified": "2025-03-24T14:14:53.337",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.8,
"source": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-03-10T10:15:13.890",
"references": [
{
"source": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/laravel/framework/pull/53869"
},
{
"source": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
"tags": [
"Release Notes"
],
"url": "https://github.com/laravel/framework/releases/tag/v11.36.0"
},
{
"source": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
"tags": [
"Exploit"
],
"url": "https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20241209-02_Laravel_Reflected_XSS_via_Route_Parameter_in_Debug-Mode_Error_Page"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory",
"Exploit"
],
"url": "http://www.openwall.com/lists/oss-security/2025/03/10/4"
}
],
"sourceIdentifier": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-04-25 19:15
Modified
2025-05-30 19:06
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\Auth\SessionGuard class when a user is found to not exist.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://ephort.dk/blog/laravel-timing-attack-vulnerability/ | Exploit, Technical Description, Third Party Advisory | |
| cve@mitre.org | https://github.com/ephort/laravel-user-enumeration-demo | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/laravel/framework/pull/44069 | Patch, Vendor Advisory | |
| cve@mitre.org | https://github.com/laravel/framework/releases/tag/v9.32.0 | Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ephort.dk/blog/laravel-timing-attack-vulnerability/ | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/ephort/laravel-user-enumeration-demo | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/laravel/framework/pull/44069 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/laravel/framework/releases/tag/v9.32.0 | Release Notes |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:laravel:framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "193D63BE-9529-4E52-B43C-01468F5D3532",
"versionEndExcluding": "8.83.24",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laravel:framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84C74FC1-EA1E-4972-8811-0194DB878816",
"versionEndExcluding": "9.32.0",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\\Auth\\SessionGuard class when a user is found to not exist."
}
],
"id": "CVE-2022-40482",
"lastModified": "2025-05-30T19:06:45.143",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-04-25T19:15:10.180",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://ephort.dk/blog/laravel-timing-attack-vulnerability/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ephort/laravel-user-enumeration-demo"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/laravel/framework/pull/44069"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/laravel/framework/releases/tag/v9.32.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://ephort.dk/blog/laravel-timing-attack-vulnerability/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ephort/laravel-user-enumeration-demo"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/laravel/framework/pull/44069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/laravel/framework/releases/tag/v9.32.0"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-11-14 16:15
Modified
2024-11-21 06:29
Severity ?
Summary
Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:laravel:framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "702DB0C0-CE3A-4377-8A36-D6124A23CAAA",
"versionEndIncluding": "8.70.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload."
},
{
"lang": "es",
"value": "Laravel Framework hasta la versi\u00f3n 8.70.2 no bloquea suficientemente la subida de contenido PHP ejecutable porque Illuminate/Validation/Concerns/ValidatesAttributes.php carece de una comprobaci\u00f3n para los archivos .phar, que se manejan como application/x-httpd-php en sistemas basados en Debian. NOTA: este registro CVE es para Laravel Framework, y no est\u00e1 relacionado con ning\u00fan informe sobre aplicaciones de usuario escritas incorrectamente para la carga de im\u00e1genes"
}
],
"id": "CVE-2021-43617",
"lastModified": "2024-11-21T06:29:31.413",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-14T16:15:08.610",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/laravel/framework/blob/2049de73aa099a113a287587df4cc522c90961f5/src/Illuminate/Validation/Concerns/ValidatesAttributes.php#L1331-L1333"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://salsa.debian.org/php-team/php/-/blob/dc253886b5b2e9bc8d9e36db787abb083a667fd8/debian/php-cgi.conf#L5-6"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://salsa.debian.org/php-team/php/-/commit/dc253886b5b2e9bc8d9e36db787abb083a667fd8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/laravel/framework/blob/2049de73aa099a113a287587df4cc522c90961f5/src/Illuminate/Validation/Concerns/ValidatesAttributes.php#L1331-L1333"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://salsa.debian.org/php-team/php/-/blob/dc253886b5b2e9bc8d9e36db787abb083a667fd8/debian/php-cgi.conf#L5-6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://salsa.debian.org/php-team/php/-/commit/dc253886b5b2e9bc8d9e36db787abb083a667fd8"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-20 20:15
Modified
2024-11-21 05:09
Severity ?
Summary
OS Command injection vulnerability in function link in Filesystem.php in Laravel Framework before 5.8.17.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.netbytesec.com/advisories/OSCommandInjectionInLaravelFramework/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/laravel/framework/commit/44c3feb604944599ad1c782a9942981c3991fa31 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.netbytesec.com/advisories/OSCommandInjectionInLaravelFramework/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/laravel/framework/commit/44c3feb604944599ad1c782a9942981c3991fa31 | Patch, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:laravel:framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A114BA47-F86F-4997-AF13-F02E7B540333",
"versionEndExcluding": "5.8.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OS Command injection vulnerability in function link in Filesystem.php in Laravel Framework before 5.8.17."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de comandos en el enlace de la funci\u00f3n Filesystem.php en Laravel Framework versiones anteriores a 5.8.17"
}
],
"id": "CVE-2020-19316",
"lastModified": "2024-11-21T05:09:08.073",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-20T20:15:07.593",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://www.netbytesec.com/advisories/OSCommandInjectionInLaravelFramework/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/laravel/framework/commit/44c3feb604944599ad1c782a9942981c3991fa31"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://www.netbytesec.com/advisories/OSCommandInjectionInLaravelFramework/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/laravel/framework/commit/44c3feb604944599ad1c782a9942981c3991fa31"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-08 00:15
Modified
2024-11-21 06:29
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is due to the user being able to guess the parent placeholder SHA-1 hash by trying common names of sections. If the parent template contains an exploitable HTML structure an XSS vulnerability can be exposed. This vulnerability has been patched in versions 8.75.0, 7.30.6, and 6.20.42 by determining the parent placeholder at runtime and using a random hash that is unique to each request.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:laravel:framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "008F1411-5AC5-4BB3-9BB4-C873D9D4CB2C",
"versionEndExcluding": "6.20.42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laravel:framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B26BF29-BEB7-44FF-A39F-A103C30B0726",
"versionEndExcluding": "7.30.6",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laravel:framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15E8F817-7A3D-40D4-9DCB-FBC8FD7CE3F7",
"versionEndExcluding": "8.75.0",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is due to the user being able to guess the parent placeholder SHA-1 hash by trying common names of sections. If the parent template contains an exploitable HTML structure an XSS vulnerability can be exposed. This vulnerability has been patched in versions 8.75.0, 7.30.6, and 6.20.42 by determining the parent placeholder at runtime and using a random hash that is unique to each request."
},
{
"lang": "es",
"value": "Laravel es un framework de aplicaciones web. Laravel versiones anteriores a 8.75.0, 7.30.6 y 6.20.42, contiene una posible vulnerabilidad de tipo cross-site scripting (XSS) en el motor de plantillas Blade. Puede hacerse clic en un elemento HTML roto y llevar al usuario a otra ubicaci\u00f3n en su navegador debido a un ataque de tipo XSS. Esto es debido a que el usuario puede adivinar el hash SHA-1 del marcador de posici\u00f3n padre al probar los nombres comunes de las secciones. Si la plantilla padre contiene una estructura HTML explotable puede exponerse una vulnerabilidad de tipo XSS. Esta vulnerabilidad ha sido parcheada en las versiones 8.75.0, 7.30.6 y 6.20.42 determinando el marcador de posici\u00f3n padre en tiempo de ejecuci\u00f3n y usando un hash aleatorio que es \u00fanico para cada petici\u00f3n"
}
],
"id": "CVE-2021-43808",
"lastModified": "2024-11-21T06:29:50.123",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-08T00:15:07.683",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/laravel/framework/commit/b8174169b1807f36de1837751599e2828ceddb9b"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/laravel/framework/pull/39906"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/laravel/framework/pull/39908"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/laravel/framework/pull/39909"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/laravel/framework/releases/tag/v6.20.42"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/laravel/framework/releases/tag/v7.30.6"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/laravel/framework/releases/tag/v8.75.0"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/laravel/framework/commit/b8174169b1807f36de1837751599e2828ceddb9b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/laravel/framework/pull/39906"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/laravel/framework/pull/39908"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/laravel/framework/pull/39909"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/laravel/framework/releases/tag/v6.20.42"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/laravel/framework/releases/tag/v7.30.6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/laravel/framework/releases/tag/v8.75.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-03-10 10:15
Modified
2025-03-24 14:15
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:laravel:framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2A8A0BE-A7AA-4DA2-8A67-227CBBA94C18",
"versionEndExcluding": "11.36.0",
"versionStartIncluding": "11.9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page."
},
{
"lang": "es",
"value": "Las versiones del framework Laravel entre 11.9.0 y 11.35.1 son susceptibles a cross-site scripting reflejado debido a una codificaci\u00f3n incorrecta de los par\u00e1metros de solicitud en la p\u00e1gina de error del modo de depuraci\u00f3n."
}
],
"id": "CVE-2024-13918",
"lastModified": "2025-03-24T14:15:59.000",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.8,
"source": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-03-10T10:15:10.280",
"references": [
{
"source": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/laravel/framework/pull/53869"
},
{
"source": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
"tags": [
"Release Notes"
],
"url": "https://github.com/laravel/framework/releases/tag/v11.36.0"
},
{
"source": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
"tags": [
"Exploit"
],
"url": "https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20241209-01_Laravel_Reflected_XSS_via_Request_Parameter_in_Debug-Mode_Error_Page"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory",
"Exploit"
],
"url": "http://www.openwall.com/lists/oss-security/2025/03/10/3"
}
],
"sourceIdentifier": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-12 20:15
Modified
2025-08-26 02:37
Severity ?
Summary
Laravel is a web application framework. When the register_argc_argv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability fixed in 6.20.45, 7.30.7, 8.83.28, 9.52.17, 10.48.23, and 11.31.0. The framework now ignores argv values for environment detection on non-cli SAPIs.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/laravel/framework/security/advisories/GHSA-gv7v-rgg6-548h | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2024/12/msg00019.html | Third Party Advisory, Mailing List |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:laravel:framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E4D3C77-8967-41A0-B092-AE27DA385578",
"versionEndExcluding": "6.20.45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laravel:framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "617A174E-7DE0-4145-BCE6-2A58CBBB6B21",
"versionEndExcluding": "7.30.7",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laravel:framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A506D04F-C9D9-4E37-B75F-29DA3943ECE0",
"versionEndExcluding": "8.83.28",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laravel:framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB7F8265-5DF9-49A5-9D23-A459F16A948F",
"versionEndExcluding": "9.52.17",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laravel:framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9575B7A1-E291-4EC2-8557-ABCCACEB8622",
"versionEndExcluding": "10.48.23",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laravel:framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6346E858-7A00-4E7C-A3C2-8858C1D7C140",
"versionEndExcluding": "11.31.0",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Laravel is a web application framework. When the register_argc_argv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability fixed in 6.20.45, 7.30.7, 8.83.28, 9.52.17, 10.48.23, and 11.31.0. The framework now ignores argv values for environment detection on non-cli SAPIs."
},
{
"lang": "es",
"value": "Laravel es un framework de aplicaciones web. Cuando la directiva de php register_argc_argv est\u00e1 establecida en on y los usuarios llaman a cualquier URL con una cadena de consulta especialmente manipulada, pueden cambiar el entorno que utiliza el framework al procesar la solicitud. La vulnerabilidad se corrigi\u00f3 en 6.20.45, 7.30.7, 8.83.28, 9.52.17, 10.48.23 y 11.31.0. El framework ahora ignora los valores argv para la detecci\u00f3n del entorno en SAPI que no son de CLI."
}
],
"id": "CVE-2024-52301",
"lastModified": "2025-08-26T02:37:14.610",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2024-11-12T20:15:14.087",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/laravel/framework/security/advisories/GHSA-gv7v-rgg6-548h"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00019.html"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-88"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
CVE-2022-40482 (GCVE-0-2022-40482)
Vulnerability from cvelistv5
Published
2023-04-25 00:00
Modified
2025-02-03 20:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\Auth\SessionGuard class when a user is found to not exist.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:21:45.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://ephort.dk/blog/laravel-timing-attack-vulnerability/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ephort/laravel-user-enumeration-demo"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/laravel/framework/pull/44069"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/laravel/framework/releases/tag/v9.32.0"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-40482",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-03T20:49:48.149855Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-03T20:49:55.862Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\\Auth\\SessionGuard class when a user is found to not exist."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-25T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://ephort.dk/blog/laravel-timing-attack-vulnerability/"
},
{
"url": "https://github.com/ephort/laravel-user-enumeration-demo"
},
{
"url": "https://github.com/laravel/framework/pull/44069"
},
{
"url": "https://github.com/laravel/framework/releases/tag/v9.32.0"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-40482",
"datePublished": "2023-04-25T00:00:00.000Z",
"dateReserved": "2022-09-11T00:00:00.000Z",
"dateUpdated": "2025-02-03T20:49:55.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6330 (GCVE-0-2018-6330)
Vulnerability from cvelistv5
Published
2019-03-28 15:41
Modified
2024-08-05 06:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.itblog.gbonanno.de/cve-2018-6330-laravel-sql-injection/ | x_refsource_MISC | |
| https://github.com/laravel/framework/blob/5.4/CHANGELOG-5.4.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:48.508Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.itblog.gbonanno.de/cve-2018-6330-laravel-sql-injection/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/laravel/framework/blob/5.4/CHANGELOG-5.4.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-28T15:41:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.itblog.gbonanno.de/cve-2018-6330-laravel-sql-injection/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laravel/framework/blob/5.4/CHANGELOG-5.4.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6330",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.itblog.gbonanno.de/cve-2018-6330-laravel-sql-injection/",
"refsource": "MISC",
"url": "http://www.itblog.gbonanno.de/cve-2018-6330-laravel-sql-injection/"
},
{
"name": "https://github.com/laravel/framework/blob/5.4/CHANGELOG-5.4.md",
"refsource": "MISC",
"url": "https://github.com/laravel/framework/blob/5.4/CHANGELOG-5.4.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-6330",
"datePublished": "2019-03-28T15:41:02",
"dateReserved": "2018-01-26T00:00:00",
"dateUpdated": "2024-08-05T06:01:48.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21263 (GCVE-0-2021-21263)
Vulnerability from cvelistv5
Published
2021-01-19 19:40
Modified
2024-08-03 18:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Summary
Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a non-array value is an array, and that input is not validated or cast to its expected type before being passed to the query builder, an unexpected number of query bindings can be added to the query. In some situations, this will simply lead to no results being returned by the query builder; however, it is possible certain queries could be affected in a way that causes the query to return unexpected results.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/laravel/framework/security/advisories/GHSA-3p32-j457-pg5x | x_refsource_CONFIRM | |
| https://github.com/laravel/framework/pull/35865 | x_refsource_MISC | |
| https://blog.laravel.com/security-laravel-62011-7302-8221-released | x_refsource_MISC | |
| https://packagist.org/packages/laravel/framework | x_refsource_MISC | |
| https://packagist.org/packages/illuminate/database | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:09:14.909Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/laravel/framework/security/advisories/GHSA-3p32-j457-pg5x"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/laravel/framework/pull/35865"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.laravel.com/security-laravel-62011-7302-8221-released"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packagist.org/packages/laravel/framework"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packagist.org/packages/illuminate/database"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "framework",
"vendor": "laravel",
"versions": [
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.20.11"
},
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.30.2"
},
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c 8.22.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a non-array value is an array, and that input is not validated or cast to its expected type before being passed to the query builder, an unexpected number of query bindings can be added to the query. In some situations, this will simply lead to no results being returned by the query builder; however, it is possible certain queries could be affected in a way that causes the query to return unexpected results."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-19T19:40:18",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/laravel/framework/security/advisories/GHSA-3p32-j457-pg5x"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laravel/framework/pull/35865"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.laravel.com/security-laravel-62011-7302-8221-released"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packagist.org/packages/laravel/framework"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packagist.org/packages/illuminate/database"
}
],
"source": {
"advisory": "GHSA-3p32-j457-pg5x",
"discovery": "UNKNOWN"
},
"title": "Query Binding Exploitation in Laravel",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-21263",
"STATE": "PUBLIC",
"TITLE": "Query Binding Exploitation in Laravel"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "framework",
"version": {
"version_data": [
{
"version_value": "\u003e= 6.0.0, \u003c 6.20.11"
},
{
"version_value": "\u003e= 7.0.0, \u003c 7.30.2"
},
{
"version_value": "\u003e= 8.0.0, \u003c 8.22.1"
}
]
}
}
]
},
"vendor_name": "laravel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a non-array value is an array, and that input is not validated or cast to its expected type before being passed to the query builder, an unexpected number of query bindings can be added to the query. In some situations, this will simply lead to no results being returned by the query builder; however, it is possible certain queries could be affected in a way that causes the query to return unexpected results."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/laravel/framework/security/advisories/GHSA-3p32-j457-pg5x",
"refsource": "CONFIRM",
"url": "https://github.com/laravel/framework/security/advisories/GHSA-3p32-j457-pg5x"
},
{
"name": "https://github.com/laravel/framework/pull/35865",
"refsource": "MISC",
"url": "https://github.com/laravel/framework/pull/35865"
},
{
"name": "https://blog.laravel.com/security-laravel-62011-7302-8221-released",
"refsource": "MISC",
"url": "https://blog.laravel.com/security-laravel-62011-7302-8221-released"
},
{
"name": "https://packagist.org/packages/laravel/framework",
"refsource": "MISC",
"url": "https://packagist.org/packages/laravel/framework"
},
{
"name": "https://packagist.org/packages/illuminate/database",
"refsource": "MISC",
"url": "https://packagist.org/packages/illuminate/database"
}
]
},
"source": {
"advisory": "GHSA-3p32-j457-pg5x",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-21263",
"datePublished": "2021-01-19T19:40:18",
"dateReserved": "2020-12-22T00:00:00",
"dateUpdated": "2024-08-03T18:09:14.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43617 (GCVE-0-2021-43617)
Vulnerability from cvelistv5
Published
2021-11-14 15:32
Modified
2024-08-04 04:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:03:08.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/laravel/framework/blob/2049de73aa099a113a287587df4cc522c90961f5/src/Illuminate/Validation/Concerns/ValidatesAttributes.php#L1331-L1333"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://salsa.debian.org/php-team/php/-/commit/dc253886b5b2e9bc8d9e36db787abb083a667fd8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://salsa.debian.org/php-team/php/-/blob/dc253886b5b2e9bc8d9e36db787abb083a667fd8/debian/php-cgi.conf#L5-6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-17T17:17:54",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laravel/framework/blob/2049de73aa099a113a287587df4cc522c90961f5/src/Illuminate/Validation/Concerns/ValidatesAttributes.php#L1331-L1333"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://salsa.debian.org/php-team/php/-/commit/dc253886b5b2e9bc8d9e36db787abb083a667fd8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://salsa.debian.org/php-team/php/-/blob/dc253886b5b2e9bc8d9e36db787abb083a667fd8/debian/php-cgi.conf#L5-6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-43617",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/laravel/framework/blob/2049de73aa099a113a287587df4cc522c90961f5/src/Illuminate/Validation/Concerns/ValidatesAttributes.php#L1331-L1333",
"refsource": "MISC",
"url": "https://github.com/laravel/framework/blob/2049de73aa099a113a287587df4cc522c90961f5/src/Illuminate/Validation/Concerns/ValidatesAttributes.php#L1331-L1333"
},
{
"name": "https://salsa.debian.org/php-team/php/-/commit/dc253886b5b2e9bc8d9e36db787abb083a667fd8",
"refsource": "MISC",
"url": "https://salsa.debian.org/php-team/php/-/commit/dc253886b5b2e9bc8d9e36db787abb083a667fd8"
},
{
"name": "https://salsa.debian.org/php-team/php/-/blob/dc253886b5b2e9bc8d9e36db787abb083a667fd8/debian/php-cgi.conf#L5-6",
"refsource": "MISC",
"url": "https://salsa.debian.org/php-team/php/-/blob/dc253886b5b2e9bc8d9e36db787abb083a667fd8/debian/php-cgi.conf#L5-6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-43617",
"datePublished": "2021-11-14T15:32:39",
"dateReserved": "2021-11-14T00:00:00",
"dateUpdated": "2024-08-04T04:03:08.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-13919 (GCVE-0-2024-13919)
Vulnerability from cvelistv5
Published
2025-03-10 10:03
Modified
2025-03-10 17:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Summary
The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode error page.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Laravel Holdings Inc. | Laravel Framework |
Version: 11.9.0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-13919",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T12:38:06.695003Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T12:41:35.550Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-03-10T17:02:42.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/03/10/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Laravel Framework",
"repo": "https://github.com/laravel/framework",
"vendor": "Laravel Holdings Inc.",
"versions": [
{
"lessThanOrEqual": "11.35.1",
"status": "affected",
"version": "11.9.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The application must run with debug-mode enabled (\u003ctt\u003eAPP_DEBUG=true\u003c/tt\u003e)."
}
],
"value": "The application must run with debug-mode enabled (APP_DEBUG=true)."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Fabian Funder (SBA Research)"
},
{
"lang": "en",
"type": "finder",
"value": "Philipp Adelsberger (SBA Research)"
},
{
"lang": "en",
"type": "finder",
"value": "Jeremy Angele"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode error page."
}
],
"value": "The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode error page."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T10:03:01.374Z",
"orgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
"shortName": "sba-research"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20241209-02_Laravel_Reflected_XSS_via_Route_Parameter_in_Debug-Mode_Error_Page"
},
{
"tags": [
"patch"
],
"url": "https://github.com/laravel/framework/pull/53869"
},
{
"tags": [
"release-notes"
],
"url": "https://github.com/laravel/framework/releases/tag/v11.36.0"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to version 11.36.0 or later."
}
],
"value": "Update to version 11.36.0 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Laravel Reflected XSS via Route Parameter in Debug-Mode Error Page",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Ensure that the application does not run in debug-mode by setting \u003ctt\u003eAPP_DEBUG=false\u003c/tt\u003e in your configuration."
}
],
"value": "Ensure that the application does not run in debug-mode by setting APP_DEBUG=false in your configuration."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
"assignerShortName": "sba-research",
"cveId": "CVE-2024-13919",
"datePublished": "2025-03-10T10:03:01.374Z",
"dateReserved": "2025-03-04T18:11:39.565Z",
"dateUpdated": "2025-03-10T17:02:42.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27515 (GCVE-0-2025-27515)
Vulnerability from cvelistv5
Published
2025-03-05 18:45
Modified
2025-03-05 18:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-155 - Improper Neutralization of Wildcards or Matching Symbols
Summary
Laravel is a web application framework. When using wildcard validation to validate a given file or image field (`files.*`), a user-crafted malicious request could potentially bypass the validation rules. This vulnerability is fixed in 11.44.1 and 12.1.1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/laravel/framework/security/advisories/GHSA-78fx-h6xr-vch4 | x_refsource_CONFIRM | |
| https://github.com/laravel/framework/commit/2d133034fefddfb047838f4caca3687a3ba811a5 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27515",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T18:59:39.412635Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T18:59:49.627Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "framework",
"vendor": "laravel",
"versions": [
{
"status": "affected",
"version": "\u003e= 12.0.0, \u003c 12.1.1"
},
{
"status": "affected",
"version": "\u003c 11.44.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Laravel is a web application framework. When using wildcard validation to validate a given file or image field (`files.*`), a user-crafted malicious request could potentially bypass the validation rules. This vulnerability is fixed in 11.44.1 and 12.1.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-155",
"description": "CWE-155: Improper Neutralization of Wildcards or Matching Symbols",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T18:45:50.101Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/laravel/framework/security/advisories/GHSA-78fx-h6xr-vch4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/laravel/framework/security/advisories/GHSA-78fx-h6xr-vch4"
},
{
"name": "https://github.com/laravel/framework/commit/2d133034fefddfb047838f4caca3687a3ba811a5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laravel/framework/commit/2d133034fefddfb047838f4caca3687a3ba811a5"
}
],
"source": {
"advisory": "GHSA-78fx-h6xr-vch4",
"discovery": "UNKNOWN"
},
"title": "Laravel has a File Validation Bypass"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-27515",
"datePublished": "2025-03-05T18:45:50.101Z",
"dateReserved": "2025-02-26T18:11:52.307Z",
"dateUpdated": "2025-03-05T18:59:49.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43808 (GCVE-0-2021-43808)
Vulnerability from cvelistv5
Published
2021-12-07 22:20
Modified
2024-08-04 04:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is due to the user being able to guess the parent placeholder SHA-1 hash by trying common names of sections. If the parent template contains an exploitable HTML structure an XSS vulnerability can be exposed. This vulnerability has been patched in versions 8.75.0, 7.30.6, and 6.20.42 by determining the parent placeholder at runtime and using a random hash that is unique to each request.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw | x_refsource_CONFIRM | |
| https://github.com/laravel/framework/pull/39906 | x_refsource_MISC | |
| https://github.com/laravel/framework/pull/39908 | x_refsource_MISC | |
| https://github.com/laravel/framework/pull/39909 | x_refsource_MISC | |
| https://github.com/laravel/framework/commit/b8174169b1807f36de1837751599e2828ceddb9b | x_refsource_MISC | |
| https://github.com/laravel/framework/releases/tag/v6.20.42 | x_refsource_MISC | |
| https://github.com/laravel/framework/releases/tag/v7.30.6 | x_refsource_MISC | |
| https://github.com/laravel/framework/releases/tag/v8.75.0 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:03:08.661Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/laravel/framework/pull/39906"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/laravel/framework/pull/39908"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/laravel/framework/pull/39909"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/laravel/framework/commit/b8174169b1807f36de1837751599e2828ceddb9b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/laravel/framework/releases/tag/v6.20.42"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/laravel/framework/releases/tag/v7.30.6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/laravel/framework/releases/tag/v8.75.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "framework",
"vendor": "laravel",
"versions": [
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c 8.75.0"
},
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.30.6"
},
{
"status": "affected",
"version": "\u003c 6.20.42"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is due to the user being able to guess the parent placeholder SHA-1 hash by trying common names of sections. If the parent template contains an exploitable HTML structure an XSS vulnerability can be exposed. This vulnerability has been patched in versions 8.75.0, 7.30.6, and 6.20.42 by determining the parent placeholder at runtime and using a random hash that is unique to each request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-07T22:20:12",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laravel/framework/pull/39906"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laravel/framework/pull/39908"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laravel/framework/pull/39909"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laravel/framework/commit/b8174169b1807f36de1837751599e2828ceddb9b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laravel/framework/releases/tag/v6.20.42"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laravel/framework/releases/tag/v7.30.6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laravel/framework/releases/tag/v8.75.0"
}
],
"source": {
"advisory": "GHSA-66hf-2p6w-jqfw",
"discovery": "UNKNOWN"
},
"title": "Blade `@parent` Exploitation Leading To Possible XSS in Laravel",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-43808",
"STATE": "PUBLIC",
"TITLE": "Blade `@parent` Exploitation Leading To Possible XSS in Laravel"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "framework",
"version": {
"version_data": [
{
"version_value": "\u003e= 8.0.0, \u003c 8.75.0"
},
{
"version_value": "\u003e= 7.0.0, \u003c 7.30.6"
},
{
"version_value": "\u003c 6.20.42"
}
]
}
}
]
},
"vendor_name": "laravel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is due to the user being able to guess the parent placeholder SHA-1 hash by trying common names of sections. If the parent template contains an exploitable HTML structure an XSS vulnerability can be exposed. This vulnerability has been patched in versions 8.75.0, 7.30.6, and 6.20.42 by determining the parent placeholder at runtime and using a random hash that is unique to each request."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw",
"refsource": "CONFIRM",
"url": "https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw"
},
{
"name": "https://github.com/laravel/framework/pull/39906",
"refsource": "MISC",
"url": "https://github.com/laravel/framework/pull/39906"
},
{
"name": "https://github.com/laravel/framework/pull/39908",
"refsource": "MISC",
"url": "https://github.com/laravel/framework/pull/39908"
},
{
"name": "https://github.com/laravel/framework/pull/39909",
"refsource": "MISC",
"url": "https://github.com/laravel/framework/pull/39909"
},
{
"name": "https://github.com/laravel/framework/commit/b8174169b1807f36de1837751599e2828ceddb9b",
"refsource": "MISC",
"url": "https://github.com/laravel/framework/commit/b8174169b1807f36de1837751599e2828ceddb9b"
},
{
"name": "https://github.com/laravel/framework/releases/tag/v6.20.42",
"refsource": "MISC",
"url": "https://github.com/laravel/framework/releases/tag/v6.20.42"
},
{
"name": "https://github.com/laravel/framework/releases/tag/v7.30.6",
"refsource": "MISC",
"url": "https://github.com/laravel/framework/releases/tag/v7.30.6"
},
{
"name": "https://github.com/laravel/framework/releases/tag/v8.75.0",
"refsource": "MISC",
"url": "https://github.com/laravel/framework/releases/tag/v8.75.0"
}
]
},
"source": {
"advisory": "GHSA-66hf-2p6w-jqfw",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-43808",
"datePublished": "2021-12-07T22:20:12",
"dateReserved": "2021-11-16T00:00:00",
"dateUpdated": "2024-08-04T04:03:08.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-13918 (GCVE-0-2024-13918)
Vulnerability from cvelistv5
Published
2025-03-10 10:02
Modified
2025-03-10 17:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Summary
The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Laravel Holdings Inc. | Laravel Framework |
Version: 11.9.0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-13918",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T12:55:25.311761Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T12:55:46.178Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-03-10T17:02:40.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/03/10/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Laravel Framework",
"repo": "https://github.com/laravel/framework",
"vendor": "Laravel Holdings Inc.",
"versions": [
{
"lessThanOrEqual": "11.35.1",
"status": "affected",
"version": "11.9.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The application must run with debug-mode enabled (\u003ctt\u003eAPP_DEBUG=true\u003c/tt\u003e)."
}
],
"value": "The application must run with debug-mode enabled (APP_DEBUG=true)."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Fabian Funder (SBA Research)"
},
{
"lang": "en",
"type": "finder",
"value": "Philipp Adelsberger (SBA Research)"
},
{
"lang": "en",
"type": "finder",
"value": "Jeremy Angele"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page."
}
],
"value": "The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T10:02:29.530Z",
"orgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
"shortName": "sba-research"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20241209-01_Laravel_Reflected_XSS_via_Request_Parameter_in_Debug-Mode_Error_Page"
},
{
"tags": [
"patch"
],
"url": "https://github.com/laravel/framework/pull/53869"
},
{
"tags": [
"release-notes"
],
"url": "https://github.com/laravel/framework/releases/tag/v11.36.0"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to version 11.36.0 or later."
}
],
"value": "Update to version 11.36.0 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Laravel Reflected XSS via Request Parameter in Debug-Mode Error Page",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Ensure that the application does not run in debug-mode by setting \u003ctt\u003eAPP_DEBUG=false\u003c/tt\u003e in your configuration."
}
],
"value": "Ensure that the application does not run in debug-mode by setting APP_DEBUG=false in your configuration."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
"assignerShortName": "sba-research",
"cveId": "CVE-2024-13918",
"datePublished": "2025-03-10T10:02:29.530Z",
"dateReserved": "2025-03-04T18:11:33.625Z",
"dateUpdated": "2025-03-10T17:02:40.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52301 (GCVE-0-2024-52301)
Vulnerability from cvelistv5
Published
2024-11-12 19:32
Modified
2024-12-21 17:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Summary
Laravel is a web application framework. When the register_argc_argv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability fixed in 6.20.45, 7.30.7, 8.83.28, 9.52.17, 10.48.23, and 11.31.0. The framework now ignores argv values for environment detection on non-cli SAPIs.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/laravel/framework/security/advisories/GHSA-gv7v-rgg6-548h | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:laravel:framework:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "framework",
"vendor": "laravel",
"versions": [
{
"lessThan": "6.20.45",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "7.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "7.30.7",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "8.83.28",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "9.52.17",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "10.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "10.48.23",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "11.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.31.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52301",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T14:51:08.466106Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T16:14:52.925Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-12-21T17:02:39.839Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "framework",
"vendor": "laravel",
"versions": [
{
"status": "affected",
"version": "\u003c 6.20.45"
},
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.30.7"
},
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c 8.83.28"
},
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.52.17"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.48.23"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.31.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Laravel is a web application framework. When the register_argc_argv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability fixed in 6.20.45, 7.30.7, 8.83.28, 9.52.17, 10.48.23, and 11.31.0. The framework now ignores argv values for environment detection on non-cli SAPIs."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T19:32:14.415Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/laravel/framework/security/advisories/GHSA-gv7v-rgg6-548h",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/laravel/framework/security/advisories/GHSA-gv7v-rgg6-548h"
}
],
"source": {
"advisory": "GHSA-gv7v-rgg6-548h",
"discovery": "UNKNOWN"
},
"title": "Laravel allows environment manipulation via query string"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-52301",
"datePublished": "2024-11-12T19:32:14.415Z",
"dateReserved": "2024-11-06T19:00:26.396Z",
"dateUpdated": "2024-12-21T17:02:39.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-19316 (GCVE-0-2020-19316)
Vulnerability from cvelistv5
Published
2021-12-20 19:36
Modified
2024-08-04 14:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
OS Command injection vulnerability in function link in Filesystem.php in Laravel Framework before 5.8.17.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/laravel/framework/commit/44c3feb604944599ad1c782a9942981c3991fa31 | x_refsource_MISC | |
| http://www.netbytesec.com/advisories/OSCommandInjectionInLaravelFramework/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:08:30.836Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/laravel/framework/commit/44c3feb604944599ad1c782a9942981c3991fa31"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.netbytesec.com/advisories/OSCommandInjectionInLaravelFramework/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OS Command injection vulnerability in function link in Filesystem.php in Laravel Framework before 5.8.17."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-20T19:36:41",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laravel/framework/commit/44c3feb604944599ad1c782a9942981c3991fa31"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.netbytesec.com/advisories/OSCommandInjectionInLaravelFramework/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-19316",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OS Command injection vulnerability in function link in Filesystem.php in Laravel Framework before 5.8.17."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/laravel/framework/commit/44c3feb604944599ad1c782a9942981c3991fa31",
"refsource": "MISC",
"url": "https://github.com/laravel/framework/commit/44c3feb604944599ad1c782a9942981c3991fa31"
},
{
"name": "http://www.netbytesec.com/advisories/OSCommandInjectionInLaravelFramework/",
"refsource": "MISC",
"url": "http://www.netbytesec.com/advisories/OSCommandInjectionInLaravelFramework/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-19316",
"datePublished": "2021-12-20T19:36:41",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:08:30.836Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}