Laravel Framework Wildcard Validation Bypass Vulnerability

Vulnerability

Laravel Framework versions prior to 11.44.1 (11.x line) and 12.1.1 (12.x line) allow wildcard validation rules on file or image fields to be bypassed. A user could submit a crafted request that evades the validation rules the application intends to apply to those fields.

Impact

Exploitation of this vulnerability could lead to unauthorized file uploads or manipulation of file-related data, potentially causing further issues such as code execution or data corruption.

Reproduction

To reproduce this vulnerability, create a Laravel application on an affected version and set up a form whose file upload field is validated with a wildcard rule such as 'files.*'. Then send a request containing a file designed to bypass that validation, for example one with a misleading file extension or MIME type, crafted to take advantage of how Laravel processes wildcard rules.

Remediation

Upgrade to Laravel Framework 11.44.1 (for the 11.x line) or 12.1.1 (for the 12.x line) to address this vulnerability.
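As an added example (not code from this advisory or from the Laravel project), the following controller shows the wildcard rule pattern the advisory describes, a secondary per-file check that does not rely on the wildcard matcher, and a helper that tests the running framework version against the two fixed releases. The field name 'files', the JPEG/PNG restriction and the size limits are assumptions.

```php
<?php
// Added example, not code from the advisory or the Laravel project. Assumed:
// a JPEG/PNG upload endpoint named 'files' with a 5-file, 2 MB limit.
use Illuminate\Http\Request;
use Illuminate\Http\UploadedFile;
use Illuminate\Validation\ValidationException;

// True when the framework is at or past the fixed release of its major line
// (11.44.1 for 11.x, 12.1.1 for 12.x); older majors count as unpatched.
function laravelHasWildcardFileFix(string $version): bool
{
    $major = (int) strtok($version, '.');
    return match (true) {
        $major === 11 => version_compare($version, '11.44.1', '>='),
        $major === 12 => version_compare($version, '12.1.1', '>='),
        default       => $major > 12,
    };
}

// Yields every UploadedFile in a possibly nested files array, so the
// secondary check covers whatever shape the client gave the field.
function eachUploadedFile(array $files): \Generator
{
    foreach ($files as $entry) {
        if ($entry instanceof UploadedFile) {
            yield $entry;
        } elseif (is_array($entry)) {
            yield from eachUploadedFile($entry);
        }
    }
}

function storeImages(Request $request): void
{
    // Declarative wildcard rules: the pattern the advisory is about.
    $request->validate([
        'files'   => ['required', 'array', 'max:5'],
        'files.*' => ['required', 'image', 'mimes:jpg,jpeg,png', 'max:2048'],
    ]);
    // Defence in depth independent of the wildcard matcher: inspect every file
    // the request actually carried, using the server-side MIME sniff (fileinfo).
    $files = iterator_to_array(eachUploadedFile($request->allFiles()), false);
    foreach ($files as $file) {
        if (!$file->isValid() || !in_array($file->getMimeType(), ['image/jpeg', 'image/png'], true)) {
            throw ValidationException::withMessages(['files' => 'Only valid JPEG or PNG uploads are accepted.']);
        }
    }
    foreach ($files as $file) {
        $file->store('images');   // reached only when every upload passed both checks
    }
}
```

Calling `laravelHasWildcardFileFix(app()->version())` from a health check or deployment test gives a quick signal that the installed framework predates the fix; the secondary MIME check remains useful after upgrading, since it does not trust the client-supplied file name or Content-Type.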

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 7.6
impact: 2.5
exploitability: 8.6
remediation: 7.7
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.