Problems activating your account? Send notification email to: [email protected]
Host4Fun Budget VPS Hosting
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Update your Laravel!
#1
I open this thread to let you know that you must always update your software!

Recently a new CVE has been filled that explain how to exploit a "Ignition" bug that allows the arbitraty execution of code. IT is really dangerous.
One of my friend VPS has been infected buy a cryptominer, the aricle I am going to post here talks about Docker APIs but the same "malicious command" has been used on Laravel's exploting. He requested my help to eradicate that maleware... well it was a nightmare, killing the process was useless because a new one will start soon after. What you need to do is find a a cron job that let the malware in.

Another CVE regards databse queries... but it is less dangerous that a miner inside your server! As the CVE article says, most of attempt of this exploit will result on "no result" from the query...


Stay safe, stay updated!
Thanks to Post4VPS and Bladenodefor VPS 14
Reply
#2
Yup update to latest bug fixes. Dont ise $request->all() or request()->all() to create, and hope for the best.
This bug is hopefully fixed
https://blog.laravel.com/security-larave...1-released
Reply
#3
That's from January and it's April now hahaha. If you're using dependabot in GitHub like me, you will get notified soon after a package get updated. I'm pretty sure my Laravel is the newest but lemme check. Yep, it's the newest one.
Thanks to Limitless Hosting and Post4VPS for providing me excellent VPS 13!
Reply
 


Forum Jump:


Users browsing this thread: 1 Guest(s)

Sponsors: VirMach - Host4Fun - CubeData - Evolution-Host - HostDare - Hyper Expert - Shadow Hosting - Bladenode - Hostlease - RackNerd - ReadyDedis - Limitless Hosting


About Post4VPS

Post4VPS is a forum/destiny where you can Delploy Your Free VPSs just by the Power of Posts.

We Provide VPSs of many locations like Germany,US,Canada,France,London,etc.

We also Provide VPSs of Both Linux and Windows OS.