Vulnerabilities > Phpthumb Project
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-08-31 | CVE-2016-10508 | Cross-site Scripting vulnerability in PHPthumb Project PHPthumb 1.7.11/1.7.12/1.7.13 Multiple cross-site scripting (XSS) vulnerabilities in phpThumb() before 1.7.14 allow remote attackers to inject arbitrary web script or HTML via parameters in demo/phpThumb.demo.showpic.php. | 4.3 |
2014-12-27 | CVE-2013-6919 | Remote Security vulnerability in PHPthumb Project PHPthumb 1.7.11 The default configuration of phpThumb before 1.7.12 has a false value for the disable_debug option, which allows remote attackers to conduct Server-Side Request Forgery (SSRF) attacks via the src parameter. network phpthumb-project | 4.3 |