ownCloud Flaw Exploited by Hackers, Urgent Patch Required
Hackers are actively exploiting a critical vulnerability in ownCloud, an open-source file synchronization and sharing solution. Tracked as CVE-2023-49103, the flaw allows remote attackers to execute phpinfo() through the ownCloud 'graphapi' app, exposing sensitive data such as admin passwords, mail server credentials, and license keys in containerized deployments. Threat tracking firms have observed mass exploitation of the vulnerability, with over 11,000 exposed instances detected. ownCloud administrators are urged to delete the vulnerable file, disable the 'phpinfo' function in Docker containers, and change potentially exposed secrets to mitigate the risk.