FortiGuard Labs is observing active exploitation of several ThinkPHP remote code execution vulnerabilities (CVE-2019-9082 and CVE-2018-20062). Successful exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the affected system. Both vulnerabilities are on CISA's Known Exploited Vulnerabilities (KEV) catalog.

Why is this Significant?

This is significant because active exploitation of CVE-2019-9082 and CVE-2018-20062 is being observed. Also, Proof-of-Concept (PoC) code is publicly available for both vulnerabilities. They are on CISA's Known Exploited Vulnerabilities (KEV) catalog. As such, patches should be applied as soon as possible.

What is CVE-2019-9082?

CVE-2019-9082 is a PHP injection vulnerability that affects ThinkPHP prior to version 3.2.4. Successful exploitation could allow a remote attacker to execute arbitrary code on the affected system. The vulnerability has a CVSS base score of 8.8.

What is CVE-2018-20062?

CVE-2018-20062 is a PHP injection vulnerability that affects ThinkPHP prior to version 5.0.23. Successful exploitation could allow a remote attacker to execute arbitrary code on the affected system. The vulnerability has a CVSS base score of 9.8.

Is a Patch Available for CVE-2019-9082 and CVE-2018-20062?

Yes, patches are available for both CVE-2019-9082 and CVE-2018-20062.

What is the Status of Protection?

FortiGuard Labs has the following IPS signature in place for CVE-2019-9082 and CVE-2018-20062:

ThinkPHP.Controller.Parameter.Remote.Code.Execution