
A new report from GreyNoise reveals a significant spike in exploitation activity targeting two vulnerabilities: one in the ThinkPHP framework and another in ownCloud’s GraphAPI. While the ownCloud vulnerability has been widely publicized and listed on CISA’s Known Exploited Vulnerabilities (KEV) catalog, the ThinkPHP flaw has flown under the radar despite a surge in attacks.
GreyNoise has observed a rapid increase in exploit attempts for both vulnerabilities over the past 10 days. “Attackers are actively scanning and targeting these vulnerabilities yet only one is included in KEV, raising questions about how security teams are prioritizing threats,” the report states.
ThinkPHP Vulnerability (CVE-2022-47945)
This local file inclusion (LFI) vulnerability affects ThinkPHP versions before 6.0.14. Attackers can exploit this flaw to gain unauthorized access to sensitive files and potentially execute malicious code. GreyNoise has observed 572 unique IPs attempting to exploit this vulnerability, with activity increasing in recent days.
ownCloud GraphAPI Vulnerability (CVE-2023-49103)
This information disclosure vulnerability affects ownCloud/graphapi versions 0.2.x before 0.2.1 and 0.3.x before 0.3.1. It allows attackers to gain unauthorized access to sensitive information. This vulnerability was highlighted in a joint advisory from CISA, NSA, and FBI as one of the most exploited in 2023, and exploitation continues to rise.
Mitigation Recommendations
GreyNoise urges organizations to take immediate action to mitigate these vulnerabilities:
- Patch immediately: Upgrade ThinkPHP to version 6.0.14+ and ownCloud GraphAPI to version 0.3.1+.
- Monitor and block known malicious IPs: Utilize real-time threat intelligence to identify and block attackers.
- Restrict exposure: Reduce access to affected services to limit the attack surface.
Organizations need to stay vigilant, proactively monitor for emerging threats, and prioritize patching based on risk rather than relying solely on public databases.
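As an added example (not from GreyNoise or the original article), the following Python script checks an inventory of installed versions against the affected ranges stated above. The hostnames, component labels and inventory format are assumptions made for illustration. ownCloud GraphAPI is evaluated per release branch, so 0.2.1 is reported as fixed even though it is numerically lower than 0.3.1.

```python
import re

# Affected ranges as stated in the article: (release branch or None, first fixed version).
# The component labels are hypothetical inventory keys, not official package names.
AFFECTED = {
    "thinkphp": [(None, (6, 0, 14))],             # CVE-2022-47945: all versions before 6.0.14
    "owncloud-graphapi": [((0, 2), (0, 2, 1)),    # CVE-2023-49103: 0.2.x before 0.2.1
                          ((0, 3), (0, 3, 1))],   #                 0.3.x before 0.3.1
}

def parse_version(text):
    """Turn '6.0.13' or 'v6.0.13' into a comparable (major, minor, patch) tuple."""
    parts = [int(p) for p in re.findall(r"\d+", text)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def is_affected(component, version):
    """True if the version falls inside one of the affected ranges listed above."""
    v = parse_version(version)
    for branch, fixed in AFFECTED.get(component, []):
        # A branch-scoped range only applies to versions on that branch.
        if branch is not None and v[:len(branch)] != branch:
            continue
        if v < fixed:
            return True
    return False

def audit(inventory):
    """Return sorted (host, component, version) tuples that still need patching."""
    return sorted(
        (host, component, version)
        for host, components in inventory.items()
        for component, version in components.items()
        if is_affected(component, version)
    )

# Constructed sample inventory (hostnames and versions are made up for this example).
INVENTORY = {
    "web-01": {"thinkphp": "6.0.13", "owncloud-graphapi": "0.2.1"},
    "web-02": {"thinkphp": "v6.0.14"},
    "files-01": {"owncloud-graphapi": "0.3.0"},
    "legacy-01": {"thinkphp": "5.1.41"},
}

if __name__ == "__main__":
    for host, component, version in audit(INVENTORY):
        print(f"{host}: {component} {version} is in an affected range")
```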