Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HLaravel Framework
APPLaravel≤ 8.70.2
Related vulnerabilities
The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting du...
The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting du...
Laravel is a web application framework. When the register_argc_argv php directive is set to on , and users cal...
OS Command injection vulnerability in function link in Filesystem.php in Laravel Framework before 5.8.17.
Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters.