Hackers exploit ThinkPHP framework vulnerabilities in active attacks
Take action: If you are using an old version of ThinkPHP, it's time to patch it after years of ignoring the problem, because hackers have found an easy way to hack you.
Akamai has issued a warning about ongoing exploitation of two remote code execution (RCE) vulnerabilities in ThinkPHP that were patched over five years ago. The vulnerabilities, CVE-2018-20062 and CVE-2019-9082, were publicly disclosed in late 2018 and early 2019. They affect older versions of the ThinkPHP framework, which is still in use by some content management systems.
Details of the Vulnerabilities:
- CVE-2018-20062 (CVSS score 9.8): Allows remote attackers to execute arbitrary code via crafted requests. Affects ThinkPHP versions prior to 5.0.23, with a patch released in December 2018.
- CVE-2019-9082 (CVSS score 8.8): Enables remote code execution through improper input handling. Affects ThinkPHP versions before 3.2.4, with a patch released in February 2019.
Two notable campaigns, one in October 2023 and another ongoing since April 2024, have been exploiting these vulnerabilities. The attackers are identified as Chinese-speaking, utilizing these flaws to fetch files from likely compromised servers in China and deploy the "Dama" web shell.
Organizations using affected versions of ThinkPHP should urgently update to the latest version (currently version 8.0).