CVE-2021-28254
https://notcve.org/view.php?id=CVE-2021-28254
A deserialization vulnerability in the destruct() function of Laravel v8.5.9 allows attackers to execute arbitrary commands. • https://s1mple-top.github.io/2021/03/09/Laravel8-new-pop-chain-mining-process • CWE-502: Deserialization of Untrusted Data •
CVE-2023-24249
https://notcve.org/view.php?id=CVE-2023-24249
An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows attackers to execute arbitrary code via a crafted PHP file. • https://github.com/IDUZZEL/CVE-2023-24249-Exploit https://flyd.uk/post/cve-2023-24249 https://github.com/z-song/laravel-admin https://laravel-admin.org • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2021-4262 – laravel-jqgrid EloquentRepositoryAbstract.php getRows sql injection
https://notcve.org/view.php?id=CVE-2021-4262
A vulnerability classified as critical was found in laravel-jqgrid. Affected by this vulnerability is the function getRows of the file src/Mgallegos/LaravelJqgrid/Repositories/EloquentRepositoryAbstract.php. The manipulation leads to sql injection. The name of the patch is fbc2d94f43d0dc772767a5bdb2681133036f935e. It is recommended to apply a patch to fix this issue. • https://github.com/mgallegos/laravel-jqgrid/commit/fbc2d94f43d0dc772767a5bdb2681133036f935e https://github.com/mgallegos/laravel-jqgrid/pull/72 https://vuldb.com/?id.216271 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-707: Improper Neutralization •
CVE-2022-2886 – Laravel deserialization
https://notcve.org/view.php?id=CVE-2022-2886
A vulnerability, which was classified as critical, was found in Laravel 5.1. Affected is an unknown function. The manipulation leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/beicheng-maker/vulns/issues/3 https://vuldb.com/?id.206688 • CWE-502: Deserialization of Untrusted Data •
CVE-2022-2870 – laravel deserialization
https://notcve.org/view.php?id=CVE-2022-2870
A vulnerability was found in laravel 5.1 and classified as problematic. This issue affects some unknown processing. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/beicheng-maker/vulns/issues/2 https://vuldb.com/?id.206501 • CWE-502: Deserialization of Untrusted Data •