ThinkPHP Remote Code Execution Vulnerability

Released: Apr 18, 2023

Updated: Apr 19, 2023


Medium Severity

Vulnerability Type


Open source PHP framework vulnerabilities still being exploited in the wild

A remote code execution vulnerability exists within multiple subsystems of ThinkPHP 5.0.x and 5.1.x. FortiGuard Labs continues to observe heavy exploitation of these old vulnerabilities, with more than 50,000 IPS device detections per day. Multiple actors abuse this flaw to install malware such as Mirai-like botnets, Lucifer, and cryptocurrency miners.

Common Vulnerabilities and Exposures

CVE-2019-9082
CVE-2018-20062

Background

ThinkPHP is a free framework distributed under the Apache2 open-source license, used primarily for web application development and for simplifying enterprise application development. Both CVE-2019-9082 and CVE-2018-20062 were added to CISA's Known Exploited Vulnerabilities (KEV) list in 2021, and successful exploitation of either flaw could allow a remote attacker to execute arbitrary code on the affected system.

Latest Development

Recent news and incidents related to this threat, covering events such as data breaches, cyber-attacks, security incidents, and newly discovered vulnerabilities.


Dec 10, 2018: CVE-2018-20062, flaw discovered in noneCMS (ThinkPHP).
https://github.com/nangge/noneCms/issues/21

Jan 11, 2019: CVE-2019-9082, flaw discovered in the ThinkPHP package.
https://github.com/suitablecodes/open_source_bms/issues/33

Nov 03, 2021: CVE-2019-9082 and CVE-2018-20062 added to CISA's Known Exploited Vulnerabilities list.


FortiGuard customers remain protected by the IPS signature, which was first released in 2018 and last updated in 2021. With IPS detections still occurring at scale in 2023 and public exploits available for these CVEs, FortiGuard Labs recommends that users immediately review their ThinkPHP deployments and upgrade vulnerable versions to 5.0.23 / 5.1.31 or later.
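Reviewing a fleet against the fixed releases named above is mostly a version-comparison problem: a 5.0.x install is affected below 5.0.23, a 5.1.x install below 5.1.31, and other branches are outside the scope of this advisory. The following added example (not FortiGuard or ThinkPHP code) triages a constructed inventory of hostnames and ThinkPHP version strings against those two baselines; the "host,version" inventory format and the hostnames are assumptions made for the example.

```python
"""Flag ThinkPHP installations below the patched releases named in this
advisory: 5.0.23 for the 5.0.x branch and 5.1.31 for the 5.1.x branch.

Added example, not FortiGuard or ThinkPHP code. The inventory below is
constructed sample data in a hypothetical "host,version" format.
"""
import re
from typing import List, Optional, Tuple

# Minimum fixed release per affected branch, taken from the advisory.
FIXED_RELEASES = {
    (5, 0): (5, 0, 23),
    (5, 1): (5, 1, 31),
}

# Accepts an optional leading "v" and ignores trailing tags such as " LTS".
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) or None if the string is not a version."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def assess(version_text: str) -> str:
    """Classify one ThinkPHP version string against the advisory.

    Returns one of:
      "vulnerable"   - 5.0.x below 5.0.23 or 5.1.x below 5.1.31
      "patched"      - at or above the fixed release of its branch
      "out-of-scope" - a branch this advisory does not cover (e.g. 6.x)
      "unknown"      - the version string could not be parsed
    """
    v = parse_version(version_text)
    if v is None:
        return "unknown"
    fixed = FIXED_RELEASES.get(v[:2])
    if fixed is None:
        return "out-of-scope"
    return "vulnerable" if v < fixed else "patched"


def triage_inventory(lines) -> List[Tuple[str, str, str]]:
    """Map each 'host,version' inventory line to (host, version, status).

    Blank lines and '#' comments are skipped. A line without a comma is
    still reported (as "unknown") so that no host silently disappears
    from the review.
    """
    results = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition(",")
        results.append((host.strip(), version.strip(), assess(version)))
    return results


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = """
# host,thinkphp_version
web-01.example.internal,5.0.22
web-02.example.internal,5.0.23
web-03.example.internal,v5.1.30
web-04.example.internal,5.1.41 LTS
api-01.example.internal,6.0.12
legacy-01.example.internal,not-installed
"""

if __name__ == "__main__":
    for host, version, status in triage_inventory(SAMPLE_INVENTORY.splitlines()):
        print(f"{status:<12} {host:<28} {version}")
```

Anything reported as "unknown" deserves a manual look rather than being treated as safe, since an unparseable version is often a sign of a hand-patched or vendored copy of the framework that the inventory tool could not identify.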

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.


PROTECT
  • AV
  • AV (Pre-filter)
  • Behavior Detection
  • IPS

DETECT
  • Outbreak Detection
  • Threat Hunting

RESPOND
  • Assisted Response Services
  • Automated Response

RECOVER
  • InfoSec Services

IDENTIFY
  • Attack Surface Monitoring (Inside & Outside)

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.



References

Sources of information related to this outbreak and the affected vendor.