Vulnerabilities > CVE-2013-6919 - Remote Security vulnerability in PHPthumb Project PHPthumb 1.7.11

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

phpthumb-project

NVD

Published: 2014-12-27

Updated: 2014-12-29

Summary

The default configuration of phpThumb before 1.7.12 has a false value for the disable_debug option, which allows remote attackers to conduct Server-Side Request Forgery (SSRF) attacks via the src parameter. <a href="http://cwe.mitre.org/data/definitions/918.html">CWE-918: Server-Side Request Forgery (SSRF)</a>

Vulnerable Configurations

Part	Description	Count
Application	Phpthumb_Project Phpthumb Project Phpthumb 1.7.11	1

References

http://www.rafayhackingarticles.net/2013/11/phpthumb-server-side-request-forgery.html
https://github.com/JamesHeinrich/phpThumb/blob/master/docs/phpthumb.changelog.txt