CyberSecurityBoard
Sponsor Register Login

Hackers Exploiting ThinkPHP & ownCloud Vulnerabilities at Large Scale

A local file inclusion (LFI) vulnerability in ThinkPHP versions prior to 6.0.14. Exploited via the lang parameter when language packs are enabled, this flaw allows unauthenticated attackers to execute arbitrary operating system commands. As attackers continue to exploit overlooked vulnerabilities like CVE-2022-47945 while persisting with high-value targets like CVE-2023-49103, it becomes evident that traditional patch management approaches must evolve to incorporate dynamic threat intelligence. Despite its critical nature, this vulnerability is not listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog and has a low Exploit Prediction Scoring System (EPSS) score of 7%. In a significant cybersecurity breach, attackers exploited a critical vulnerability in Palo Alto Networks' PAN-OS firewall software (CVE-2024-0012) to deploy the RA World ransomware. Researchers identified 484 unique IPs targeting this flaw, which has been actively exploited since its disclosure in November 2023 and was listed among the top exploited vulnerabilities of 2023 by CISA, NSA, and FBI. A recent surge in exploitation activity has been observed targeting two critical vulnerabilities, CVE-2022-47945 in ThinkPHP and CVE-2023-49103 in ownCloud. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Notably, ThinkPHP vulnerabilities have previously been exploited by Chinese threat actors in targeted campaigns. Organizations must act swiftly to address these vulnerabilities and reassess their vulnerability management strategies to stay ahead of emerging threats. These attacks highlight the persistent threat posed by unpatched systems and the challenges organizations face in prioritizing vulnerability management. It arises from a dependency on a third-party library exposing sensitive PHP environment details via the phpinfo function, including admin credentials, mail server details, and license keys. Kaaviya is a Security Editor and fellow reporter with Cyber Security News.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 13 Feb 2025 13:30:50 +0000


Cyber News related to Hackers Exploiting ThinkPHP & ownCloud Vulnerabilities at Large Scale

Patch Now: Attackers Pummel Critical, Easy-to-Exploit OwnCloud Flaw - Hackers are actively exploiting a critical flaw in the open source ownCloud platform that allows access to access admin passwords, mail server credentials, and license keys, exposing their enterprise to data breaches or other types of malicious ...
1 year ago Darkreading.com
CVE-2021-36845 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions < 1.3.8, there are 46 vulnerable parameters that were missed by the vendor while patching the 1.3.7 version to 1.3.8. ...
3 years ago
Hackers start exploiting critical ownCloud flaw, patch now - Hackers are exploiting a critical ownCloud vulnerability tracked as CVE-2023-49103 that exposes admin passwords, mail server credentials, and license keys in containerized deployments. OwnCloud is a widely used open-source file synchronization and ...
1 year ago Bleepingcomputer.com
Critical bug in ownCloud file sharing app exposes admin passwords - Open source file sharing software ownCloud is warning of three critical-severity security vulnerabilities, including one that can expose administrator passwords and mail server credentials. OwnCloud is an open-source file sync and sharing solution ...
1 year ago Bleepingcomputer.com
Hackers Exploiting ThinkPHP & ownCloud Vulnerabilities at Large Scale - A local file inclusion (LFI) vulnerability in ThinkPHP versions prior to 6.0.14. Exploited via the lang parameter when language packs are enabled, this flaw allows unauthenticated attackers to execute arbitrary operating system commands. As attackers ...
3 hours ago Cybersecuritynews.com
Surge in attacks exploiting old ThinkPHP and ownCloud flaws - The first vulnerability is a local file inclusion (LFI) issue in the language parameter of ThinkPHP Framework before 6.0.14. An unauthenticated remote attacker can leverage it to execute arbitrary operating system commands in ...
17 hours ago Bleepingcomputer.com
How Hackers Interrupted GTA 5 Online Gameplay on PC - Recently, a cyber-attack on Grand Theft Auto 5 Online on PC caused an interruption to thousands of players’ gameplays. The game was completely taken offline and players couldn’t even access the main gameplay menu. The attack caused an uproar ...
2 years ago Hackread.com
CVE-2007-0228 - The DataCollector service in EIQ Networks Network Security Analyzer allows remote attackers to cause a denial of service (service crash) via a (1) &CONNECTSERVER& (2) &ADDENTRY& (3) &FIN& (4) &START& (5) ...
7 years ago
Google links WinRAR exploitation to Russian, Chinese state hackers - Google says that several state-backed hacking groups have joined ongoing attacks exploiting a high-severity vulnerability in WinRAR, a compression software used by over 500 million users, aiming to gain arbitrary code execution on targets' systems. ...
1 year ago Bleepingcomputer.com
Why Have Big Cybersecurity Hacks Surged in 2023? - Payments made to hackers who hold systems hostage for ransom increased by almost half through September, according to blockchain analytics firm Chainalysis Inc., totaling almost $500 million in payouts. In just the past few months, hackers have ...
1 year ago Bloomberg.com
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 23, 2024 to September 29, 2024) - Software Name Software Slug 012 Ps Multi Languages 012-ps-multi-languages ABC APP CREATOR abcapp-creator Absolute Reviews absolute-reviews Accordion accordions Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads quick-adsense-reloaded Advanced File ...
4 months ago Wordfence.com
CVE-2019-13363 - admin.php?pagenotification_by_mail in Piwigo 2.9.5 has XSS via the nbm&#95;send&#95;html&#95;mail, nbm&#95;send&#95;mail&#95;as, nbm&#95;send&#95;detailed&#95;content, ...
1 year ago
CVE-2023-52587 - In the Linux kernel, the following vulnerability has been resolved: ...
11 months ago
The Unlikely Romance of Hackers and Government Suitors - The annual Hack the Capitol event brings together a diverse group of scientists, hackers, and policymakers to educate congressional staffers, scholars, and the press about the most critical cybersecurity challenges facing our nation. Hack the Capitol ...
1 year ago Darkreading.com
CVE-2020-28092 - PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter:?gTeam&mTask&amy&status3&id,?gTeam&mTask&amy&status0&id,?gTeam&mTask&amy&status1&id,?gTeam&mTask&amy&status10&id ...
4 years ago
CERT-UA warns of malware campaign conducted by threat actor UAC-0006 - Threat actors may have exploited a zero-day in older iPhones, Apple warns. Microsoft fixed two zero-day bugs exploited in malware attacks. Threat actors actively exploit JetBrains TeamCity flaws to deliver malware. Recent DarkGate campaign exploited ...
8 months ago Securityaffairs.com
Holiday Hackers: How to Safeguard Your Service Desk - Hackers really don't take holidays, but they will take advantage of them. Many of these cyberattacks will zero in on the service or help desk to gain entry into network systems. Recovering accounts because of forgotten passwords is one of the ...
1 year ago Bleepingcomputer.com
North Korean Hackers Use Fake Job Offers & Salary Bumps as Lure for Crypto Theft - Recent investigations have uncovered a massive operation carried out by North Korean hackers looking to steal cryptocurrency through fake job offers and salary bumps. According to recent reports, hackers have been able to trace the malicious ...
2 years ago Therecord.media
Russian hackers exploiting Outlook bug to hijack Exchange accounts - Microsoft's Threat Intelligence team issued a warning earlier today about the Russian state-sponsored actor APT28 actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts and steal sensitive information. The targeted ...
1 year ago Bleepingcomputer.com
Booking.com hackers increase attacks on customers - Hackers are increasing their attacks on Booking.com customers by posting adverts on dark web forums asking for help finding victims. Cyber-criminals are offering up to $2,000 for login details of hotels as they continue to target the people who are ...
1 year ago Bbc.com
Hacker Conversations: Chris Evans, Hacker and CISO - Chris Evans is CISO and chief hacking officer at HackerOne. SecurityWeek's Hacker Conversations series seeks to understand the mind and motivations of hackers by talking to hackers. Evans challenges the common perception of both hackers and their ...
7 months ago Securityweek.com
Zcaler ThreatLabz 2024 VPN Risk Report - The growing sophistication of cyberthreats alongside the expansion of remote workforces and cloud technologies have exposed significant vulnerabilities in VPNs. Due to their legacy architecture, VPNs grant overly broad network access once credentials ...
8 months ago Cybersecurity-insiders.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
Hackers Exploiting Docker Swarm, Kubernetes & SSH Servers In Large Scale - The primary goal was “cryptojacking,” using the XMRig miner to mine “Monero cryptocurrency.” The attackers showed advanced tactics by manipulating “Docker Swarm,” to create a botnet-like network of compromised ...
4 months ago Cybersecuritynews.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)