Threat actors have been ramping up the exploitation of two old vulnerabilities in ThinkPHP and OwnCloud, threat intelligence firm GreyNoise warns.
The ThinkPHP issue, tracked as CVE-2022-47945 (CVSS score of 9.8), is described as a local file inclusion flaw via the ‘lang’ parameter. It affects the ThinkPHP framework iterations prior to version 6.0.14 that have the language pack feature enabled.
https://www.securityweek.com/exploitati ... es-surges/