CVE-2019-17433
https://notcve.org/view.php?id=CVE-2019-17433
z-song laravel-admin 1.7.3 has XSS via the Slug or Name on the Roles screen, because of mishandling on the "Operation log" screen.
• https://github.com/z-song/laravel-admin/issues/3847
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-15133 – Laravel Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2018-15133
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack.
• https://www.exploit-db.com/exploits/47129
• https://github.com/kozmic/laravel-poc-CVE-2018-15133
• https://github.com/AzhariKun/CVE-2018-15133
• https://github.com/Bilelxdz/Laravel-CVE-2018-15133
• https://github.com/AlienX2001/better-poc-for-CVE-2018-15133
• https://github.com/NatteeSetobol/CVE-2018-15133-Lavel-Expliot
• http://packetstormsecurity.com/files/153641/PHP-Laravel-Framework-Token-Unserialize-Remote-Command-Execution.html
• https://laravel.com/docs/5.6/upgrade#upgrade-5.6.30
• https://gi
• CWE-502: Deserialization of Untrusted Data
CVE-2018-8947 – Laravel Log Viewer < 0.13.0 - Local File Download
https://notcve.org/view.php?id=CVE-2018-8947
rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 encoding for l, dl, and del requests, which makes it easier for remote attackers to bypass intended access restrictions, as demonstrated by reading arbitrary files via a dl request. Laravel Log Viewer versions prior to 0.13.0 suffer from a local file download vulnerability.
• https://www.exploit-db.com/exploits/44343
• https://github.com/scopion/CVE-2018-8947
• https://github.com/rap2hpoutre/laravel-log-viewer/commit/cda89c06dc5331d06fab863d7cb1c4047ad68357
• https://github.com/rap2hpoutre/laravel-log-viewer/releases/tag/v0.13.0
• CWE-312: Cleartext Storage of Sensitive Information
CVE-2017-16894 – PHP Laravel Framework 5.5.40 / 5.6.x < 5.6.30 - token Unserialize Remote Command Execution
https://notcve.org/view.php?id=CVE-2017-16894
In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. NOTE: this CVE is only about Laravel framework's writeNewEnvironmentFileWith function in src/Illuminate/Foundation/Console/KeyGenerateCommand.php, which uses file_put_contents without restricting the .env permissions. The .env filename is not used exclusively by Laravel framework.
• https://www.exploit-db.com/exploits/47129
• http://packetstormsecurity.com/files/153641/PHP-Laravel-Framework-Token-Unserialize-Remote-Command-Execution.html
• http://whiteboyz.xyz/laravel-env-file-vuln.html
• https://twitter.com/finnwea/status/967709791442341888
• https://github.com/kozmic/laravel-poc-CVE-2018-15133
• https://laravel.com/docs/5.6/upgrade#upgrade-5.6.30
• https://github.com/laravel/framework/pull/25121/commits/d84cf988ed5d4661a4bf1fdcb08f5073835083a0
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-14775
https://notcve.org/view.php?id=CVE-2017-14775
Laravel before 5.5.10 mishandles the remember_me token verification process because DatabaseUserProvider does not have constant-time token comparison.
• https://github.com/laravel/framework/pull/21320
• https://github.com/laravel/framework/releases/tag/v5.5.10
• https://laravel-news.com/laravel-v5-5-11
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor