Vulnerabilities > Laravel

DATE CVE VULNERABILITY TITLE RISK
2019-03-28 CVE-2018-6330 SQL Injection vulnerability in Laravel Framework 5.4.15
Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters.
network
low complexity
laravel CWE-89
6.5
2018-08-09 CVE-2018-15133 Deserialization of Untrusted Data vulnerability in Laravel
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value.
network
high complexity
laravel CWE-502
8.1
2017-11-20 CVE-2017-16894 Information Exposure vulnerability in Laravel
In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI.
network
low complexity
laravel CWE-200
7.5
2017-09-28 CVE-2017-14775 Information Exposure vulnerability in Laravel
Laravel before 5.5.10 mishandles the remember_me token verification process because DatabaseUserProvider does not have constant-time token comparison.
network
laravel CWE-200
4.3
2017-05-29 CVE-2017-9303 Improper Input Validation vulnerability in Laravel 5.4.0
Laravel 5.4.x before 5.4.22 does not properly constrain the host portion of a password-reset URL, which makes it easier for remote attackers to conduct phishing attacks by specifying an attacker-controlled host.
network
laravel CWE-20
5.8