Vulnerabilities > Laravel
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-03-28 | CVE-2018-6330 | SQL Injection vulnerability in Laravel Framework 5.4.15 Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters. | 6.5 |
2018-08-09 | CVE-2018-15133 | Deserialization of Untrusted Data vulnerability in Laravel In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. | 8.1 |
2017-11-20 | CVE-2017-16894 | Information Exposure vulnerability in Laravel In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. | 7.5 |
2017-09-28 | CVE-2017-14775 | Information Exposure vulnerability in Laravel Laravel before 5.5.10 mishandles the remember_me token verification process because DatabaseUserProvider does not have constant-time token comparison. | 4.3 |
2017-05-29 | CVE-2017-9303 | Improper Input Validation vulnerability in Laravel 5.4.0 Laravel 5.4.x before 5.4.22 does not properly constrain the host portion of a password-reset URL, which makes it easier for remote attackers to conduct phishing attacks by specifying an attacker-controlled host. | 5.8 |