Hackers Exploiting ThinkPHP & ownCloud Vulnerabilities at Large Scale

A recent surge in exploitation activity has been observed targeting two critical vulnerabilities, CVE-2022-47945 in ThinkPHP and CVE-2023-49103 in ownCloud. These attacks highlight the persistent threat posed by unpatched systems and the challenges organizations face in prioritizing vulnerability management.

CVE-2022-47945 is a local file inclusion (LFI) vulnerability in ThinkPHP versions prior to 6.0.14. Exploited via the lang parameter when language packs are enabled, this flaw allows unauthenticated attackers to execute arbitrary operating system commands. Despite its critical nature, this vulnerability is not listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog and has a low Exploit Prediction Scoring System (EPSS) score of 7%. Notably, ThinkPHP vulnerabilities have previously been exploited by Chinese threat actors in targeted campaigns.

CVE-2023-49103 affects ownCloud. It arises from a dependency on a third-party library exposing sensitive PHP environment details via the phpinfo function, including admin credentials, mail server details, and license keys. Researchers identified 484 unique IPs targeting this flaw, which has been actively exploited since its disclosure in November 2023 and was listed among the top exploited vulnerabilities of 2023 by CISA, NSA, and FBI.

In a significant cybersecurity breach, attackers exploited a critical vulnerability in Palo Alto Networks' PAN-OS firewall software (CVE-2024-0012) to deploy the RA World ransomware.

As attackers continue to exploit overlooked vulnerabilities like CVE-2022-47945 while persisting with high-value targets like CVE-2023-49103, it becomes evident that traditional patch management approaches must evolve to incorporate dynamic threat intelligence. Organizations must act swiftly to address these vulnerabilities and reassess their vulnerability management strategies to stay ahead of emerging threats.
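For defenders triaging exposure to the ThinkPHP issue, the following added example (not from the original article or from ThinkPHP) scans web access logs for requests whose lang query parameter is not a plain language tag and counts the source IPs. The combined log format, the allowed tag pattern, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (documentation IP ranges, placeholder paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Feb/2025:13:30:50 +0000] "GET /index.php?lang=zh-cn HTTP/1.1" 200 512',
    '198.51.100.7 - - [13/Feb/2025:13:31:02 +0000] "GET /index.php?lang=../../tmp/placeholder HTTP/1.1" 200 87',
    '198.51.100.7 - - [13/Feb/2025:13:31:05 +0000] "GET /?lang=..%252f..%252ftmp%252fplaceholder HTTP/1.1" 404 0',
    '203.0.113.5 - - [13/Feb/2025:13:32:11 +0000] "GET /index.php?page=2 HTTP/1.1" 200 900',
]

# Combined log format prefix: client IP, two fields, [timestamp], "METHOD target PROTO".
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*"')
# Assumption: legitimate values are short language tags such as "en-us" or "zh-cn".
LANG_TAG_RE = re.compile(r'^[A-Za-z]{2,3}(?:[-_][A-Za-z0-9]{2,8})?$')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding, e.g. %252f -> %2f -> /."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_lang_requests(lines):
    """Return (ip, lang_value) for requests whose lang value is not a language tag."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the assumed log format
        ip, target = m.groups()
        # parse_qs decodes one layer of percent-encoding; fully_decode removes the rest.
        for raw in parse_qs(urlsplit(target).query, keep_blank_values=True).get("lang", []):
            if not LANG_TAG_RE.match(fully_decode(raw)):
                hits.append((ip, raw))
    return hits

def sources(hits):
    """Count flagged requests per source IP."""
    return Counter(ip for ip, _ in hits)

if __name__ == "__main__":
    print(sources(suspicious_lang_requests(SAMPLE_LOG)))
```

Hits on a host running ThinkPHP older than 6.0.14 with language packs enabled warrant checking whether the requests succeeded, not only blocking the source.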
Kaaviya is a Security Editor and fellow reporter with Cyber Security News.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 13 Feb 2025 13:30:50 +0000

