Vulnerabilities > Silisoftware > Phpthumb

Date: 2012-05-21
CVE: CVE-2012-2910
Vulnerability title: Cross-Site Scripting vulnerability in Silisoftware PHPthumb() 1.7.11
Risk: 4.3
Multiple cross-site scripting (XSS) vulnerabilities in SiliSoftware phpThumb() 1.7.11 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter to demo/phpThumb.demo.random.php or (2) title parameter to demo/phpThumb.demo.showpic.php.

Date: 2010-04-29
CVE: CVE-2010-1598
Vulnerability title: Improper Input Validation vulnerability in Silisoftware PHPthumb() 1.7.9
Risk: 6.8
phpThumb.php in phpThumb() 1.7.9 and possibly other versions, when ImageMagick is installed, allows remote attackers to execute arbitrary commands via the fltr[] parameter, as discovered in the wild in April 2010.