⚠️ Top 10 Laravel security issues I've found during audits ⚠️

#10 → Insufficient Input Validation

Routes without validation, or using request()->all(), allow for malicious inputs to be injected. Can also lead to privilege escalation to admin powers. 😱

I’ve written about this many times, most recently about the different alternates to all(): larasec.substack.com/p/security-tip-ret…

Security Tip: Retrieving Request Values
[Tip#40] Let's complete the set of request input helpers and their security implications
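
The privilege-escalation path described above, as an added example that is not from the original post: a Laravel controller that passes `request()->all()` to the model, beside a version that passes only validated fields. The `ProfileController` class, the `App\Models\User` model and its `is_admin` column are assumptions made for illustration.

```php
<?php
// Added example, not the post author's code. The controller name and the
// `is_admin` column on App\Models\User are assumed for illustration.

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Validation\Rule;

class ProfileController extends Controller
{
    // Weak: every submitted field reaches the model. If `is_admin` is
    // mass-assignable (listed in $fillable, or $guarded is empty), a request
    // body that includes is_admin=1 turns the caller into an admin.
    public function updateUnsafe(Request $request)
    {
        $request->user()->update($request->all());

        return back();
    }

    // Hardened: validate() returns only the keys that have rules, so an
    // unexpected field such as `is_admin` never reaches update().
    public function update(Request $request)
    {
        $validated = $request->validate([
            'name'  => ['required', 'string', 'max:255'],
            'email' => [
                'required', 'email', 'max:255',
                // Allow the user to keep their own current address.
                Rule::unique('users')->ignore($request->user()->id),
            ],
        ]);

        $request->user()->update($validated);

        return back();
    }
}
```

Keeping privileged columns out of `$fillable` gives a second layer if a route ever falls back to unvalidated input.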