PHP Laravel version 8.70.1 suffers from cross site scripting and cross site request forgery related vulnerabilities.
03959819037d931fa9bc8a86e042128e57d18e192cdb95d48075c2d8e2c636b5
Laravel Framework version 11 suffers from a credential disclosure vulnerability.
0f46b7fe0d34dd07e9a8db63a2302513bdef1017e3780ffff315cee267f96243
FleetCart Laravel Ecommerce System version 1.1.2 suffers from an ignored default credential vulnerability.
68a6c17d047c26ef9fa83b8414516311214d6cb3d30aea8512036eb95fd0c4f9
AmazCart Laravel Ecommerce System CMS version 3.4 suffers from a cross site scripting vulnerability.
9b03c94b047b3bc49c9b1c4ca00700238a74dd617a510b95e815b3ea9c26f674
Laravel versions 1.0 to 9.47.0 suffer from database disclosure and information leakage vulnerabilities.
111b6533007bb0d30833a8fec10c414266b1f7095e1f6e0aecfa7bb54a3e2319
Laravel Media Library Pro versions 2.1.6 and below as well as 1.17.10 and below suffer from a remote shell upload vulnerability.
6d8f2553e3fe9002ec60d7e3a9741740a148f8cf1da6fb3d7263cf99278e8f1e
Ignition versions prior to 2.5.2, as used in Laravel and other products, allow unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.
1a428973d57b49630c03761c229ad5f2989539e00fde683c743407e8d561d597
Laravel Valet version 2.0.3 local privilege escalation exploit for macOS.
2c127d95d2ce5f88d9a84b080c89d8e3adb9a2ae6896312ed14c58295860de08
Aimeos Laravel Ecommerce Platform version 2021.10 LTS suffers from a remote SQL injection vulnerability.
2fae4289aace3459fa366b914b29f2b20838c09d5a87878e017a85ab79b6d6bb
Ignition versions prior to 2.5.2, as used in Laravel and other products, allow unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel versions prior to 8.4.2.
aebc0026e687e1ba339c5b60a3565c3f18d9a8afd3eb4765ef9daaf8dbe63898
Laravel version 8.4.2 suffers from a debug mode remote code execution vulnerability.
e34cd9189ebccce75149b7a897ad6f0f8f21c47b20e534aec63a70a6024d57f6
Laravel Nova version 3.7.0 suffers from a denial of service vulnerability.
9eb495324041230df1778bdc6d24f4736918454a3a493572ff1e36fb62cb7360
Laravel Administrator version 4 suffers from an unrestricted file upload vulnerability.
74c5803bba9337c9b7130818986ce55f061af3504d643ca424705c78c6549aea
NeonLMS Learning Management System PHP Laravel Script version 4.6 suffers from a persistent cross site scripting vulnerability.
a03fae941188a13b262247d193b72cb8c6020929d45d54b9d550247447b208d4
NeonLMS Learning Management System PHP Laravel Script version 4.6 suffers from an arbitrary file download vulnerability.
b6fc64a5ae4e8a0ec2c9cdc1017fd4675419adad3fce5fe5f687cefd700382cb
UniSharp Laravel File Manager version 2.0.0 suffers from an arbitrary file read vulnerability.
1d7405c593ee49d55e59bcf504bf4d3f7496515bc48aef6a5e832b0c6175f1cd
This Metasploit module exploits a vulnerability in the PHP Laravel Framework for versions 5.5.40, 5.6.x up to 5.6.29. Remote command execution is possible via a correctly formatted HTTP X-XSRF-TOKEN header, due to an insecure unserialize call of the decrypt method in Illuminate/Encryption/Encrypter.php. Authentication is not required, however exploitation requires knowledge of the Laravel APP_KEY. Similar vulnerabilities appear to exist within Laravel cookie tokens based on the code fix. In some cases the APP_KEY is leaked which allows for discovery and exploitation.
89a708ff133e6615ee3040a41d60178a5e2e6c21344ec723424eb420b1cc5b8c
UniSharp Laravel File Manager version 2.0.0-alpha7 suffers from an arbitrary file upload vulnerability.
f67d9939b12edf8fa0798c677008aa300033f210c22c4530b791b22cdd35192e
Laravel Log Viewer versions prior to 0.13.0 suffer from a local file download vulnerability.
167717bccfa3ca0b0d38c17ea0f44b8f9623e1fe306e0934c356174fe45eecf6
Laravel version 5.4 suffers from a cross site scripting vulnerability.
34f087a75ac86387f30439cc2ab8f6c14d83614a61e4e6f992742eaac6419cbd
Laravel Framework versions since 4.1 suffer from a PHP object injection vulnerability when encryption is turned off.
77f22e2a8757288c75c6f2b204358f81cc4f63d582e81dad74eced0ce382209a
Laravel version 2.1 fails to check length prior to password hash creation, allowing for possible hash collisions for secrets over 72 characters.
c326cc304eeacde84a1ea946f533f0c9f4c6ce9cfb4ff9339cbc8e8cbada6457