Active exploitation of years-old ThinkPHP, ownCloud bugs spike

BleepingComputer reports that attacks leveraging old critical ThinkPHP Framework and ownCloud file sharing and syncing platform vulnerabilities to facilitate arbitrary operating system command execution and data compromise have surged in recent days.

After being exploited in Chinese cyberattacks since October 2023, the ThinkPHP Framework local file inclusion flaw, tracked as CVE-2022-47945, has been targeted by 572 unique IP addresses, according to an analysis from GreyNoise. Despite ongoing high-volume abuse, such a security issue has not yet been added to the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog. On the other hand, intrusions from 484 unique IPs have been deployed against ownCloud instances impacted by the CVE-2023-49103 flaw, which stemmed from the software's dependence on a PHP environment data-leaking third-party library. While the bug was reported by the FBI, CISA, and National Security Agency to be among the most exploited flaws in November, numerous ownCloud instances continue to be vulnerable.