Chinese websites have been under attack for a week via a new PHP framework bug

PoC for ThinkPHP security flaw sparks furious scans for vulnerable sites, most of which are based in China.