CVE-2018-6330: SQL Injection
First published: Thu Mar 28 2019(Updated: )
Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Laravel Framework | =5.4.15 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-6330?
CVE-2018-6330 is a vulnerability in Laravel 5.4.15 that allows Error based SQL injection in the save.php file through the dhx_user and dhx_version parameters.
How severe is CVE-2018-6330?
CVE-2018-6330 has a severity level of 8.8 which is considered high.
What software is affected by CVE-2018-6330?
Laravel Framework version 5.4.15 is affected by CVE-2018-6330.
How can I fix CVE-2018-6330?
To fix CVE-2018-6330, you should update Laravel to a version that is not affected by this vulnerability.
Where can I find more information about CVE-2018-6330?
You can find more information about CVE-2018-6330 on the following websites: [Link 1](http://www.itblog.gbonanno.de/cve-2018-6330-laravel-sql-injection/), [Link 2](https://github.com/laravel/framework/blob/5.4/CHANGELOG-5.4.md).
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/laravel
- canonical/laravel framework
- version/laravel framework/5.4.15