all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

ThinkPHP RCE Vulnerabilities (CVE-2019-9082, CVE-2018-20062) Actively Exploited in the Wild

Add to bookmarks
April 26, 2023, 7:09 p.m. |

FortiGuard Labs | FortiGuard Center - Threat Signal Report fortiguard.fortinet.com

Update: 4/26 FortiEDR KB article "Threat Coverage: FortiEDR mitigates the risk of post-exploitation activity associated with exploitation of zero day vulnerabilities and unknown malware" added to APPENDIX section. The "What is the Status of Protection?" section has been updated with additional coverage information.FortiGuard Labs is observing active exploitation of several ThinkPHP remote code execution vulnerabilities (CVE-2019-9082 and CVE-2018-20062). Successful exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the affected system. Both vulnerabilities are on …

actively exploited article catalog cisa code code execution cve cve-2019-9082 exploitation exploited fortiedr information kev known exploited vulnerabilities labs malware post-exploitation protection rce remote code remote code execution risk system threat update vulnerabilities what is

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - Threat Signal Report

PAN-OS Critical Flaw in GlobalProtect Gateway (CVE-2024-3400) 23 hours ago | fortiguard.fortinet.com
advisory attack code code injection +27
XZ Utils Supply Chain Attack (CVE-2024-3094) 1 week, 6 days ago | fortiguard.fortinet.com
attack code compression cve +25
Nice Linear eMerge Command Injection Vulnerability (CVE-2019–7256) 2 weeks, 6 days ago | fortiguard.fortinet.com
access attacker code code execution +25
Jenkins Arbitrary File Read Vulnerability (CVE-2024-23897) 2 weeks, 6 days ago | fortiguard.fortinet.com
access application application developers attackers +31
Kimsuky Malware Attack 3 weeks ago | fortiguard.fortinet.com
attack cyber entities espionage +15
JetBrains TeamCity Authentication Bypass Vulnerabilities (CVE-2024-27198, CVE-2024-27199) 1 month ago | fortiguard.fortinet.com
attacker authentication authentication bypass bypass +15
ConnectWise ScreenConnect Vulnerabilities (CVE-2024-1708 and CVE-2024-1709) 1 month, 3 weeks ago | fortiguard.fortinet.com
access advisory application attackers +28
Microsoft Exchange Server Elevation of Privilege Vulnerability (CVE-2024-21410) 1 month, 4 weeks ago | fortiguard.fortinet.com
attacks can critical cve +27
Ivanti Connect Secure and Policy Secure Gateways Zero-day Vulnerabilities (CVE-2023-46805, CVE-2024-21887, CVE-2024-21888, CVE-2024-21893) 2 months, 1 week ago | fortiguard.fortinet.com
advisory application authentication authentication bypass +23

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Information Systems Security Engineer (ISSE)

@ Wyetech | Ft. Belvoir, Virginia
View on infosec-jobs.com

Security Consultant, FedRAMP Assessment | Remote US

@ Coalfire | United States
View on infosec-jobs.com

PAI/OSINT Administration Policy SME

@ Accenture Federal Services | Washington, DC
View on infosec-jobs.com

Field CISO

@ Lacework | United States
View on infosec-jobs.com

Risk Advisory Forensic Technology Services Senior

@ KPMG India | Mumbai, Maharashtra, India
View on infosec-jobs.com
View more jobs