Stephen Rees-Carter on Substack: "⚠️ Top 10 Laravel security issues I've found during audits ⚠️ #10 → Insufficient Input Validation Routes without validation, or using request()->all(), allow for malicious inputs to be injected. Can also lead to privilege escalation to admin powers. 😱 I’ve written about this…"

The home for great culture

April 12, 2023

⚠️ Top 10 Laravel security issues I've found during audits ⚠️

#10 → Insufficient Input Validation

Routes without validation, or using request()->all(), allow for malicious inputs to be injected. Can also lead to privilege escalation to admin powers. 😱

I’ve written about this many times, most recently about the different alternates to all():

Securing Laravel

Security Tip: Retrieving Request Values

1 Like

∙

2 Restacks

11:22 AM

∙

Apr 12, 2023