Threat actors started exploiting critical ownCloud flaw CVE-2023-49103

Source
Advertisement


ownCloud is an open-source software platform designed for file synchronization and sharing. It allows individuals and organizations to create their own private cloud storage services, giving them control over their data while facilitating collaboration and file access across multiple devices.

The vulnerability, tracked as CVE-2023-49103, resides in the Graphapi app, which relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo).

Advertisement