Cyber Security News

Widespread Exploitation of ThinkPHP and OwnCloud Flaws by Cybercriminals

 GreyNoise has detected a significant surge in exploitation activity targeting two vulnerabilities — CVE-2022-47945 and CVE-2023-49103.

The alarming uptick in attacks underscores critical issues in vulnerability management and patch prioritization.

Cybercriminals are actively scanning and exploiting both vulnerabilities, though they are being perceived differently in terms of risk.

GreyNoise observed a substantial increase in exploitation attempts over the past 10 days, sparking urgent calls for action from the security community.

  • CVE-2022-47945 (ThinkPHP Local File Inclusion): This vulnerability allows local file inclusion via the lang parameter in ThinkPHP versions before 6.0.14 when language packs are enabled. While it is not listed in the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog and has a low Exploit Prediction Scoring System (EPSS) score of only 7%, GreyNoise identified 572 unique IPs actively exploiting it. Historically, ThinkPHP vulnerabilities have been associated with Chinese threat actors.
  • CVE-2023-49103 (ownCloud GraphAPI Information Disclosure): An information disclosure flaw in ownCloud/graphapi versions 0.2.x prior to 0.2.1 and 0.3.x prior to 0.3.1, this vulnerability has been noted by government agencies like CISA, the NSA, and the FBI as one of the most exploited in 2023. GreyNoise has detected activity from 484 unique IPs targeting this vulnerability, confirming its designation as a high-value target.

Security Challenges and Key Takeaways

The contrasting treatment of these two vulnerabilities highlights a growing issue in vulnerability management.

CVE-2022-47945, though actively exploited, has not received the same level of attention due to its absence from KEV and its low EPSS score.

Meanwhile, CVE-2023-49103 continues to underline the importance of staying vigilant against already-flagged threats.

Key Lessons for Organizations:

  1. Real-world risk does not always align with KEV or EPSS scores, as demonstrated by CVE-2022-47945.
  2. Real-time attack intelligence is vital to understanding active exploitation trends.
  3. Over-reliance on static vulnerability lists can lead to gaps in threat mitigation.

To safeguard against these threats, security teams should:

  • Prioritize patching: Upgrade ThinkPHP to version 6.0.14+ and ownCloud GraphAPI to 0.3.1+ immediately.
  • Monitor and block malicious IPs: Leverage real-time threat intelligence to counter active exploitation efforts.
  • Restrict exposure: Limit access to vulnerable services to reduce attack surfaces.

This incident serves as a stark reminder of the challenges in fortifying cybersecurity perimeters.  Real-time exploitation intelligence must become a cornerstone of enterprise risk management strategies.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free



Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Zero-Trust Policy Bypass Enables Exploitation of Vulnerabilities and Manipulation of NHI Secrets

A new project has exposed a critical attack vector that exploits protocol vulnerabilities to disrupt…

2 hours ago

Threat Actor Sells Burger King Backup System RCE Vulnerability for $4,000

A threat actor known as #LongNight has reportedly put up for sale remote code execution…

2 hours ago

Chinese Nexus Hackers Exploit Ivanti Endpoint Manager Mobile Vulnerability

Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager Mobile…

2 hours ago

Hackers Target macOS Users with Fake Ledger Apps to Deploy Malware

Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular application…

2 hours ago

EU Targets Stark Industries in Cyberattack Sanctions Crackdown

The European Union has escalated its response to Russia’s ongoing campaign of hybrid threats, announcing…

6 hours ago

Venice.ai’s Unrestricted Access Sparks Concerns Over AI-Driven Cyber Threats

Venice.ai has rapidly emerged as a disruptive force in the AI landscape, positioning itself as…

6 hours ago