Shodan
Vulnerabilities
Vulnerable Software
Laravel:  >> Laravel  >> 3.0.1  Security Vulnerabilities
CVE-2021-3129
Known exploited
Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.
CVSS Score
9.8
EPSS Score
0.943
Published
2021-01-12
CVE-2020-24940
An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database in some situations in which table names are stripped during a mass assignment.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-09-04
CVE-2020-24941
An issue was discovered in Laravel before 6.18.35 and 7.x before 7.24.0. The $guarded property is mishandled in some situations involving requests with JSON column nesting expressions.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-09-04
CVE-2018-15133
Known exploited
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack.
CVSS Score
8.1
EPSS Score
0.8
Published
2018-08-09
CVE-2017-16894
In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. NOTE: this CVE is only about Laravel framework's writeNewEnvironmentFileWith function in src/Illuminate/Foundation/Console/KeyGenerateCommand.php, which uses file_put_contents without restricting the .env permissions. The .env filename is not used exclusively by Laravel framework.
CVSS Score
7.5
EPSS Score
0.858
Published
2017-11-20
CVE-2017-14775
Laravel before 5.5.10 mishandles the remember_me token verification process because DatabaseUserProvider does not have constant-time token comparison.
CVSS Score
5.9
EPSS Score
0.003
Published
2017-09-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved