gr8shivam/laravel-sms-api is vulnerable to Improper Input Validation
60
Medium Risk
Affected versions of this package are vulnerable to Improper Input Validation. Input constraints (URL validation via filter_var(), phone number format checks, non-empty message validation, and configuration parameter validation) are enforced insufficiently or inconsistently, so untrusted data is processed without strict canonicalization and boundary controls. An attacker could exploit this by supplying crafted URLs (e.g., SSRF or open redirect payloads), supplying malformed or empty phone numbers to bypass business logic, injecting unexpected message content that reaches downstream injection vectors (such as XSS or log injection), or manipulating configuration parameters to alter application behavior. The potential impact is data exfiltration, unauthorized actions, or service abuse.
You are affected if you are using a version that falls within the vulnerable range.
gr8shivam/laravel-sms-api is vulnerable to Improper Input Validation in versions 1.0.0 - 3.0.6.
Upgrade the gr8shivam/laravel-sms-api library to the patched version.
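The three input classes named in the description (gateway URL, phone number, message text) can also be checked in the calling application before they reach the library. The following is an added example, not code from gr8shivam/laravel-sms-api; the host allowlist, the 1600-byte limit and all function names are assumptions.

```php
<?php
declare(strict_types=1);
// Added illustration, not code from gr8shivam/laravel-sms-api.
// ALLOWED_HOSTS, the length limit and every function name are assumptions.
const ALLOWED_HOSTS = ['sms-gateway.example.com']; // constructed value

function validateGatewayUrl(string $url): string
{
    // FILTER_VALIDATE_URL checks syntax only; scheme and host are unrestricted.
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        throw new InvalidArgumentException('malformed URL');
    }
    $parts = parse_url($url) ?: [];
    if (strtolower($parts['scheme'] ?? '') !== 'https') {
        throw new InvalidArgumentException('scheme must be https');
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        throw new InvalidArgumentException('userinfo not allowed');
    }
    if (!in_array(strtolower($parts['host'] ?? ''), ALLOWED_HOSTS, true)) {
        throw new InvalidArgumentException('host not on allowlist');
    }
    return $url;
}

function validatePhoneNumber(string $number): string
{
    // E.164 shape; \A and \z anchor the whole string (a trailing newline fails).
    if (preg_match('/\A\+?[1-9]\d{1,14}\z/', $number) !== 1) {
        throw new InvalidArgumentException('invalid phone number');
    }
    return $number;
}

function validateMessage(string $message, int $maxBytes = 1600): string
{
    // Reject empty text, oversized text, and control bytes other than \t and \n.
    if (trim($message) === '' || strlen($message) > $maxBytes
        || preg_match('/[\x00-\x08\x0B-\x1F\x7F]/', $message) === 1) {
        throw new InvalidArgumentException('invalid message');
    }
    return $message;
}

$samples = ['https://sms-gateway.example.com/send', 'http://sms-gateway.example.com/send']; // constructed
foreach ($samples as $url) {
    try { echo validateGatewayUrl($url), " accepted\n"; }
    catch (InvalidArgumentException $e) { echo $url, ' rejected: ', $e->getMessage(), "\n"; }
}
```

Input checks like these do not replace output encoding where the message is later rendered as HTML or written to logs.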