IsItPatchedInstant security status for any software version
← All products

CVE-2020-24940

HIGH severity · CVSS 7.5 · Improper input validation
7.5CVSS HIGH

Summary

An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database in some situations in which table names are stripped during a mass assignment.

Impact & exploitability

Attack vectorNetwork
Attack complexityLow
Privileges requiredNone
User interactionNone
Confidentiality impactNone
Integrity impactHigh
Availability impactNone
Exploit probability (EPSS)0%

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected products we track (1)

Laravel

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

Additional information

Last checked: Wed, 10 Jun 2026 22:18:30 UTC