CyberSecThreat’s Holistic Cybersecurity Monitoring Solutions was originally published in APAC CIO Outlook. Organizations are facing different cyber security risks, such as APT attack, zero-day attack, ransomware attack, account compromise, physical assets stolen and secret token abuse. Enterprises already invested a lot of different physical (e.g., lock, security guard, CCTV, door access control system and signal jammer)…
A vulnerability (CVE-2021-45040) was reported in Spatie’s Media Library Pro, a Laravel add-on, allowing remote attackers to upload executable files. This happened because the ‘Temporary Upload’ function lacked authentication by default. Other issues include a lack of file name length protection and rate-limiting. Potential solutions include limiting executable file uploads, extending the TemporaryUpload model, and implementing rate limiting. The Laravel Media Library Pro team has since released fixes to address reported issues.