"Chinese Hackers Exploit Old ThinkPHP Vulnerabilities in New Attacks"

Akamai warns that two Remote Code Execution (RCE) vulnerabilities in ThinkPHP that were patched five years ago are being exploited in a new wave of attacks. The bugs, publicly disclosed in late 2018 and early 2019, affect Content Management Systems (CMS) using older versions of the popular open source web application framework. A Chinese-speaking threat actor has exploited the flaws to fetch a file from a likely compromised server in China and deploy a web shell on vulnerable servers in two attack campaigns. Attackers can navigate the file system, tamper with local files, harvest information, and upload files using the web shell called "Dama." This article continues to discuss the exploitation and impact of the ThinkPHP vulnerabilities.

SecurityWeek reports "Chinese Hackers Exploit Old ThinkPHP Vulnerabilities in New Attacks"

Submitted by grigby1