cbcvebase.

Debian Php-Laravel-Framework vulnerabilities

5 known vulnerabilities affecting debian/php-laravel-framework.

Total CVEs
5
CISA KEV
0
Public exploits
2
Exploited in wild
1
Severity breakdown
CRITICAL1HIGH2MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2024-52301P1HIGHCVSS 8.7ExploitedPoCfixed in php-laravel-framework 6.20.14+dfsg-2+deb11u2 (bullseye)2024
CVE-2024-52301 [HIGH] CVE-2024-52301: php-laravel-framework - Laravel is a web application framework. When the register_argc_argv php directiv... Laravel is a web application framework. When the register_argc_argv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability fixed in 6.20.45, 7.30.7, 8.83.28, 9.52.17, 10.48.23, and 11.31.0. The framework now ignor
debian
CVE-2021-43617P2CRITICALCVSS 9.8PoCfixed in php-laravel-framework 6.20.14+dfsg-3 (bookworm)2021
CVE-2021-43617 [CRITICAL] CVE-2021-43617: php-laravel-framework - Laravel Framework through 8.70.2 does not sufficiently block the upload of execu... Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports conce
debian
CVE-2025-27515P3MEDIUMCVSS 6.9fixed in php-laravel-framework 10.48.29+dfsg-1 (forky)2025
CVE-2025-27515 [MEDIUM] CVE-2025-27515: php-laravel-framework - Laravel is a web application framework. When using wildcard validation to valida... Laravel is a web application framework. When using wildcard validation to validate a given file or image field (`files.*`), a user-crafted malicious request could potentially bypass the validation rules. This vulnerability is fixed in 11.44.1 and 12.1.1. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 10.48.29+dfsg-1) sid: resolv
debian
CVE-2021-21263P4HIGHCVSS 7.2fixed in php-laravel-framework 6.20.11+dfsg-1 (bookworm)2021
CVE-2021-21263 [HIGH] CVE-2021-21263: php-laravel-framework - Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30... Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a non-array value is an array, and that input is not validated or cast to its ex
debian
CVE-2021-43808P4MEDIUMCVSS 5.3fixed in php-laravel-framework 6.20.14+dfsg-3 (bookworm)2021
CVE-2021-43808 [MEDIUM] CVE-2021-43808: php-laravel-framework - Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6... Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is due to the user being able to guess the parent placeh
debian
Debian Php-Laravel-Framework vulnerabilities | cvebase