Hackers exploit 2018 ThinkPHP flaws to install ‘Dama’ web shells

June 6, 2024 at 05:31PM Chinese threat actors are targeting vulnerable ThinkPHP applications, exploiting old flaws CVE-2018-20062 and CVE-2019-9082 to install a persistent web shell named Dama. The web shell allows further exploitation of breached endpoints, giving the attackers remote control, network scanning, and database access. Organizations are advised to update to ThinkPHP version 8.0 … Read more