PT-2020-15863 · Taylor Otwell · Laravel

Published: 2020-09-04 · Updated: 2024-03-06 · CVE-2020-24940

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Laravel versions prior to 6.18.34
Laravel versions 7.x prior to 7.23.2

Description

An issue allows unvalidated values to be saved to the database in certain situations where table names are stripped during mass assignment.

Recommendations

For Laravel versions prior to 6.18.34, update to version 6.18.34 or later.
For Laravel versions 7.x prior to 7.23.2, update to version 7.23.2 or later.

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

BIT-LARAVEL-2020-24940
CVE-2020-24940
GHSA-C7RM-W2HJ-X8G3

Affected Products

Laravel