Sybelle03

2 exploits Active since Nov 2021

CVE-2021-43617 NOMISEC CRITICAL WORKING POC

Laravel Framework <8.70.2 - Code Injection

Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload.

1 stars

CVSS 9.8

View Code

CVE-2023-51504 NOMISEC MEDIUM SCANNER

Dan's Embedder for Google Calendar <1.2 - XSS

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan Dulaney Dan's Embedder for Google Calendar allows Stored XSS.This issue affects Dan's Embedder for Google Calendar: from n/a through 1.2.

CVSS 6.5

View Code