Vulnerabilities > Laravel > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2024-02-01 | CVE-2024-22859 | Cross-Site Request Forgery (CSRF) vulnerability in Laravel Livewire | Cross-Site Request Forgery (CSRF) vulnerability in livewire before v3.0.4 allows remote attackers to execute arbitrary code via the getCsrfToken function. | network | low complexity | laravel | CWE-352 | 8.8 |
| 2021-11-14 | CVE-2021-43617 | Unrestricted Upload of File with Dangerous Type vulnerability in Laravel Framework | Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. | network | low complexity | laravel | CWE-434 | 7.5 |
| 2018-08-09 | CVE-2018-15133 | Deserialization of Untrusted Data vulnerability in Laravel | In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. | network | high complexity | laravel | CWE-502 | 8.1 |
| 2017-11-20 | CVE-2017-16894 | Information Exposure vulnerability in Laravel | In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. | network | low complexity | laravel | CWE-200 | 7.5 |