16 results (0.005 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

A deserialization vulnerability in the destruct() function of Laravel v8.5.9 allows attackers to execute arbitrary commands. • https://s1mple-top.github.io/2021/03/09/Laravel8-new-pop-chain-mining-process • CWE-502: Deserialization of Untrusted Data •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 2

An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows attackers to execute arbitrary code via a crafted PHP file. • https://github.com/IDUZZEL/CVE-2023-24249-Exploit https://flyd.uk/post/cve-2023-24249 https://github.com/z-song/laravel-admin https://laravel-admin.org • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

A vulnerability classified as critical was found in laravel-jqgrid. Affected by this vulnerability is the function getRows of the file src/Mgallegos/LaravelJqgrid/Repositories/EloquentRepositoryAbstract.php. The manipulation leads to sql injection. The name of the patch is fbc2d94f43d0dc772767a5bdb2681133036f935e. It is recommended to apply a patch to fix this issue. • https://github.com/mgallegos/laravel-jqgrid/commit/fbc2d94f43d0dc772767a5bdb2681133036f935e https://github.com/mgallegos/laravel-jqgrid/pull/72 https://vuldb.com/?id.216271 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-707: Improper Neutralization •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

A vulnerability, which was classified as critical, was found in Laravel 5.1. Affected is an unknown function. The manipulation leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/beicheng-maker/vulns/issues/3 https://vuldb.com/?id.206688 • CWE-502: Deserialization of Untrusted Data •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in laravel 5.1 and classified as problematic. This issue affects some unknown processing. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/beicheng-maker/vulns/issues/2 https://vuldb.com/?id.206501 • CWE-502: Deserialization of Untrusted Data •