CVE-2021-4262 – laravel-jqgrid EloquentRepositoryAbstract.php getRows sql injection
https://notcve.org/view.php?id=CVE-2021-4262
A vulnerability classified as critical was found in laravel-jqgrid. Affected by this vulnerability is the function getRows of the file src/Mgallegos/LaravelJqgrid/Repositories/EloquentRepositoryAbstract.php. The manipulation leads to sql injection. The name of the patch is fbc2d94f43d0dc772767a5bdb2681133036f935e. It is recommended to apply a patch to fix this issue. • https://github.com/mgallegos/laravel-jqgrid/commit/fbc2d94f43d0dc772767a5bdb2681133036f935e https://github.com/mgallegos/laravel-jqgrid/pull/72 https://vuldb.com/?id.216271 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-707: Improper Neutralization •
CVE-2022-2886 – Laravel deserialization
https://notcve.org/view.php?id=CVE-2022-2886
A vulnerability, which was classified as critical, was found in Laravel 5.1. Affected is an unknown function. The manipulation leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/beicheng-maker/vulns/issues/3 https://vuldb.com/?id.206688 • CWE-502: Deserialization of Untrusted Data •
CVE-2022-2870 – laravel deserialization
https://notcve.org/view.php?id=CVE-2022-2870
A vulnerability was found in laravel 5.1 and classified as problematic. This issue affects some unknown processing. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/beicheng-maker/vulns/issues/2 https://vuldb.com/?id.206501 • CWE-502: Deserialization of Untrusted Data •
CVE-2022-25838
https://notcve.org/view.php?id=CVE-2022-25838
Laravel Fortify before 1.11.1 allows reuse within a short time window, thus calling into question the "OT" part of the "TOTP" concept. Laravel Fortify versiones anteriores a 1.11.1, permite el reúso dentro de una ventana de tiempo corta, lo que pone en duda la parte "OT" del concepto "TOTP" • https://github.com/laravel/fortify/issues/201#issuecomment-1009282153 • CWE-294: Authentication Bypass by Capture-replay •
CVE-2020-19316
https://notcve.org/view.php?id=CVE-2020-19316
OS Command injection vulnerability in function link in Filesystem.php in Laravel Framework before 5.8.17. Una vulnerabilidad de inyección de comandos en el enlace de la función Filesystem.php en Laravel Framework versiones anteriores a 5.8.17 • http://www.netbytesec.com/advisories/OSCommandInjectionInLaravelFramework https://github.com/laravel/framework/commit/44c3feb604944599ad1c782a9942981c3991fa31 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •