Vulnerabilities > CVE-2013-6919 - Unspecified vulnerability in PHPthumb Project PHPthumb 1.7.11
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The default configuration of phpThumb before 1.7.12 has a false value for the disable_debug option, which allows remote attackers to conduct Server-Side Request Forgery (SSRF) attacks via the src parameter.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
References
- http://www.rafayhackingarticles.net/2013/11/phpthumb-server-side-request-forgery.html
- http://www.rafayhackingarticles.net/2013/11/phpthumb-server-side-request-forgery.html
- https://github.com/JamesHeinrich/phpThumb/blob/master/docs/phpthumb.changelog.txt
- https://github.com/JamesHeinrich/phpThumb/blob/master/docs/phpthumb.changelog.txt