Vulnerabilities > Laravel > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
| --- | --- | --- | --- | --- |
| 2023-04-25 | CVE-2022-40482 | Information Exposure Through Discrepancy vulnerability in Laravel Framework | The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. | network; low complexity; laravel CWE-203; 5.3 |
| 2022-02-24 | CVE-2022-25838 | Authentication Bypass by Capture-replay vulnerability in Laravel Fortify | Laravel Fortify before 1.11.1 allows reuse within a short time window, thus calling into question the "OT" part of the "TOTP" concept. | network; laravel CWE-294; 6.8 |
| 2021-12-20 | CVE-2020-19316 | OS Command Injection vulnerability in Laravel Framework | OS Command injection vulnerability in function link in Filesystem.php in Laravel Framework before 5.8.17. | network; laravel CWE-78; 6.8 |
| 2021-12-08 | CVE-2021-43808 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Laravel Framework | Laravel is a web application framework. | network; laravel CWE-327; 4.3 |
| 2021-01-19 | CVE-2021-21263 | SQL Injection vulnerability in Laravel | Laravel is a web application framework. | network; low complexity; laravel CWE-89; 5.3 |
| 2020-09-04 | CVE-2020-24941 | Improper Input Validation vulnerability in Laravel | An issue was discovered in Laravel before 6.18.35 and 7.x before 7.24.0. | network; laravel CWE-20; 4.3 |
| 2020-09-04 | CVE-2020-24940 | Improper Input Validation vulnerability in Laravel | An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. | network; laravel CWE-20; 4.3 |
| 2019-03-28 | CVE-2018-6330 | SQL Injection vulnerability in Laravel Framework 5.4.15 | Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters. | network; low complexity; laravel CWE-89; 6.5 |
| 2017-09-28 | CVE-2017-14775 | Information Exposure vulnerability in Laravel | Laravel before 5.5.10 mishandles the remember_me token verification process because DatabaseUserProvider does not have constant-time token comparison. | network; laravel CWE-200; 4.3 |
| 2017-05-29 | CVE-2017-9303 | Improper Input Validation vulnerability in Laravel 5.4.0 | Laravel 5.4.x before 5.4.22 does not properly constrain the host portion of a password-reset URL, which makes it easier for remote attackers to conduct phishing attacks by specifying an attacker-controlled host. | network; laravel CWE-20; 5.8 |