Summary: Threat actors are increasingly exploiting two vulnerabilities, one in ThinkPHP and one in OwnCloud, and significant exploitation activity has been observed. The ThinkPHP local file inclusion flaw (CVE-2022-47945) and the OwnCloud configuration disclosure vulnerability (CVE-2023-49103) pose serious risks to affected systems. Organizations are urged to patch these vulnerabilities and monitor for exploitation attempts against them.
Affected: ThinkPHP, OwnCloud
Keypoints:
- ThinkPHP vulnerability (CVE-2022-47945) allows unauthenticated remote command execution; not listed in CISA’s KEV catalog.
- OwnCloud vulnerability (CVE-2023-49103) discloses PHP configuration details and has seen exploitation shortly after its disclosure.
- Organizations should apply patches, limit access to vulnerable services, and monitor for known malicious IPs to reduce risk.
Source: https://www.securityweek.com/exploitation-of-old-thinkphp-owncloud-vulnerabilities-surges/