Vulnerabilities > Laravel

DATE	CVE	VULNERABILITY TITLE	RISK
2019-03-28	CVE-2018-6330	SQL Injection vulnerability in Laravel Framework 5.4.15 Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters. network low complexity laravel CWE-89	6.5
2018-08-09	CVE-2018-15133	Deserialization of Untrusted Data vulnerability in Laravel In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. network high complexity laravel CWE-502	8.1
2017-11-20	CVE-2017-16894	Information Exposure vulnerability in Laravel In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. network low complexity laravel CWE-200	7.5
2017-09-28	CVE-2017-14775	Information Exposure vulnerability in Laravel Laravel before 5.5.10 mishandles the remember_me token verification process because DatabaseUserProvider does not have constant-time token comparison. network laravel CWE-200	4.3
2017-05-29	CVE-2017-9303	Improper Input Validation vulnerability in Laravel 5.4.0 Laravel 5.4.x before 5.4.22 does not properly constrain the host portion of a password-reset URL, which makes it easier for remote attackers to conduct phishing attacks by specifying an attacker-controlled host. network laravel CWE-20	5.8

Vulnerabilities > Laravel {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Laravel"}]}